30 matches found
ROOT-APP-NPM-CVE-2024-29041 CVE-2024-29041 in @rootio/express - Patched by Root
Root has patched CVE-2024-29041 in the @rootio/express package for Root:npm. Multiple fixed versions available...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in express-4.17.3.tgz
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of express-4.17.3.tgz Vulnerability Details CVEID:CVE-2024-29041 DESCRIPTION: Express.js minimalist web framework for node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are affecte...
Ubuntu: Security Advisory (USN-7581-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : Express vulnerabilities (USN-7581-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7581-1 advisory. It was discovered that Express incorrectly handled certain URLs, leading to an open redirect...
Security Bulletin: IBM DataStage on Cloud Pak for Data is vulnerable to a phishing attack due to the ExpressJS package (CVE-2024-29041)
Summary ExpressJS is used by IBM DataStage on Cloud Pak for Data as part of the web application framework. Vulnerability Details CVEID:CVE-2024-29041 DESCRIPTION: Express.js Express could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker...
Linux Distros Unpatched Vulnerability : CVE-2024-29041
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Express.js minimalist web framework for node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open...
Security Bulletin: PVR0501342 [Express - CVE-2024-29041 (Publicly disclosed vulnerability) ]
Summary This Security Bulletin is created to reflect the remedian done for PVR0501342 Express - CVE-2024-29041 Publicly disclosed vulnerability. The 'express' has been upgraded in PowerHA GUI Rel 7.2.9 from version 4.16.4 to version 4.19.2 in order to resolve this PVR. Vulnerability Details...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Express.js Express open redirect vulnerability [ CVE-2024-29041]
Summary Potential open redirect vulnerability in Express.js Express CVE-2024-29041 have been identified that could affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-29041...
Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.6.1 security update
Red Hat OpenShift Service Mesh Containers for 2.6.1 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Express.js
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Express.js Vulnerability Details CVEID:CVE-2024-29041 DESCRIPTION: Express.js Express could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could...
CBL Mariner 2.0 Security Update: reaper (CVE-2024-29041)
The version of reaper installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-29041 advisory. - Express.js minimalist web framework for node. Versions of Express.js prior to 4.19.0 and all pre-release alp...
Security Bulletin: IBM MQ Appliance vulnerable to open redirect (CVE-2024-29041)
Summary IBM MQ Appliance has addressed an open redirect vulnerability. Vulnerability Details CVEID:CVE-2024-29041 DESCRIPTION: Express.js Express could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability using...
Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to conduction of phishing attacks due to a web framework used in node
Summary There is a vulnerability in IBM WebSphere Application Server Liberty used by IBM Cloud Transformation Advisor CVE-2024-29041. Vulnerability Details CVEID:CVE-2024-29041 DESCRIPTION: Express.js Express could allow a remote attacker to conduct phishing attacks, caused by an open redirect...
Security Bulletin: Maximo Application suite - express-4.18.2.tgz is vulnerable to CVE-2024-29041 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses express-4.18.2.tgz which is vulnerable to CVE-2024-29041. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-29041 DESCRIPTION: Express.js Express could allow a remote attack...
Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities
Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details...
Important: Red Hat Security Advisory: Network Observability 1.6.0 for OpenShift
Network Observability 1.6 for Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
CVE-2024-29041 affecting package reaper for versions less than 3.1.1-9
CVE-2024-29041 affecting package reaper for versions less than 3.1.1-9. An upgraded version of the package is available that resolves this issue...
Security Bulletin: IBM Maximo Application Suite uses express-4.18.2.tgz which is vulnerable to CVE-2024-29041.
Summary IBM Maximo Application Suite uses express-4.18.2.tgz which is vulnerable to CVE-2024-29041. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2024-29041 DESCRIPTION: Express.js Express could allow a remote attacker to condu...
Security Bulletin: IBM App Connect Enterprise is vulnerable to a remote attack due to the node.js module follow-redirects and Express.js (CVE-2024-28849, CVE-2024-29041)
Summary IBM App Connect Enterprise is vulnerable to a remote attack due to node.js module follow-redirects and Express.js. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-28849 DESCRIPTION: Node.js follow-redirects module could allow...
Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFix for April 2024.
Summary Security vulnerabilities are addressed with IBM Business Automation Insights 23.0.2-IF004. Vulnerability Details CVEID:CVE-2024-29041 DESCRIPTION: Express.js Express could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could...