
21 matches found

IBM Security Bulletins
added 2026/01/25 12:3 p.m., 6 views

Security Bulletin: A vulnerability in the serve-static package affect IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary: A vulnerability in the serve-static package affects IBM® Db2® Big SQL 7 on IBM Cloud Pak for Data 4 and 5. Vulnerability Details: CVEID: CVE-2024-43800. DESCRIPTION: serve-static serves static files. serve-static passes untrusted user input - even after sanitizing it - to redirect may execute...

CVSS 5, AI score 5.8, EPSS 0.00595
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2025/07/07 6:12 p.m., 6 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in serve-static-1.15.0.tgz

Summary: IBM watsonx Orchestrate Cartridge contains a vulnerable version of serve-static-1.15.0.tgz. Vulnerability Details: CVEID: CVE-2024-43800. DESCRIPTION: serve-static serves static files. serve-static passes untrusted user input - even after sanitizing it - to redirect may execute untrusted code...

CVSS 5, AI score 6.7, EPSS 0.00595
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2025/06/30 6:22 a.m., 5 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses serve-static-1.15.0.tgz which is vulnerable to CVE-2024-43800

Summary: Security Bulletin: IBM Maximo Application Suite - Manage Component uses serve-static-1.15.0.tgz which is vulnerable to CVE-2024-43800. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details: CVEID: CVE-2024-43800. DESCRIPTION: serve-static serve...

CVSS 5, AI score 6.6, EPSS 0.00595
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2025/06/17 8:4 a.m., 7 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to Cross-site Scripting (XSS) due to server-static package ( CVE-2024-43800 )

Summary: Potential vulnerabilities in the server-static package (CVE-2024-43800) have been identified that may affect IBM Cloud Pak for Data. Vulnerability Details: CVEID: CVE-2024-43800. DESCRIPTION: serve-static serves static files. serve-static passes untrusted user input - even after sanitizing it - to...

CVSS 5, AI score 6.5, EPSS 0.00595
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2025/05/14 7:43 p.m., 10 views

Security Bulletin: Vulnerability in expressjs serve-static affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary: Potential vulnerability in expressjs serve-static has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional...

CVSS 5, AI score 7.2, EPSS 0.00595
Exploits 0, Affected Software 2

Tenable Nessus
added 2025/03/05 12:0 a.m., 10 views

Linux Distros Unpatched Vulnerability : CVE-2024-43800

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - serve-static serves static files. serve-static passes untrusted user input - even after sanitizing it - to redirect may execute untrusted code. This issue is...

CVSS 5, AI score 6.7, EPSS 0.00595
Exploits 0, References 3

IBM Security Bulletins
added 2025/01/28 10:8 p.m., 25 views

Security Bulletin: IBM Maximo Application Suite uses serve-static-1.15.0.tgz, send-0.18.0.tgz and cryptography-43.0.0-cp39-abi3-manylinux_2_28_x86_64.whl which is vulnerable to CVE-2024-43800 CVE-2024-43799 CVE-2024-6119.

Summary: IBM Maximo Application Suite uses serve-static-1.15.0.tgz, send-0.18.0.tgz and cryptography-43.0.0-cp39-abi3-manylinux_2_28_x86_64.whl which is vulnerable to CVE-2024-43800, CVE-2024-43799 and CVE-2024-6119. This bulletin contains information regarding the vulnerability and its fixture...

CVSS 7.5, AI score 8.1, EPSS 0.66594
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m., 17 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to serve-static-1.15.0.tgz CVE-2024-43800

Summary: IBM Maximo Application Suite - Monitor Component is vulnerable to serve-static-1.15.0.tgz CVE-2024-43800. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details: CVEID: CVE-2024-43800. DESCRIPTION: expressjs serve-static is vulnerable to cross-site...

CVSS 5, AI score 6.6, EPSS 0.00595
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m., 13 views

Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to cross-site scripting (CVE-2024-43800)

Summary: There is a vulnerability in expressjs serve-static used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2024-43800. DESCRIPTION: expressjs serve-static is...

CVSS 5, AI score 6.8, EPSS 0.00595
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2024/11/20 3:25 p.m., 28 views

Security Bulletin: QRadar Pulse application add on to IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary: The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools. IBM has released a new version which addresses the vulnerabilities. Vulnerability Details: CVEID: CVE-2024-45296. DESCRIPTION: pillarjs Path-to-RegExp is vulnerable...

CVSS 7.5, AI score 5.8, EPSS 0.00932
Exploits 1, Affected Software 1

RedHat Linux
added 2024/10/30 6:18 p.m., 38 views

Important: Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.12.6 security update

An update is now available for Red Hat OpenShift GitOps v1.12.6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

CVSS 7.5, AI score 7.2, EPSS 0.01262
Exploits 2, References 2

IBM Security Bulletins
added 2024/10/24 10:26 p.m., 20 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in serve-static-1.15.0.tgz

Summary: IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of serve-static-1.15.0.tgz. Vulnerability Details: CVEID: CVE-2024-43800. DESCRIPTION: expressjs serve-static is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote...

CVSS 5, AI score 6.7, EPSS 0.00595
Exploits 0, Affected Software 1

Tenable Nessus
added 2024/10/17 12:0 a.m., 20 views

CBL Mariner 2.0 Security Update: reaper (CVE-2024-43800)

The version of reaper installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-43800 advisory. - serve-static serves static files. serve-static passes untrusted user input - even after sanitizing it - to...

CVSS 5, AI score 6.9, EPSS 0.00595
Exploits 0, References 2

CBLMariner
added 2024/10/15 11:32 p.m., 16 views

CVE-2024-43800 affecting package reaper for versions less than 3.1.1-13

CVE-2024-43800 affecting package reaper for versions less than 3.1.1-13. A patched version of the package is available...

CVSS 5, AI score 8.7, EPSS 0.00595
Exploits 0

Circl
added 2024/09/10 6:25 p.m., 5 views

CVE-2024-43800

creationtimestamp | type | source
---|---|---
2024-09-10 18:25:08+00:00 | seen | https://t.me/cvedetector/5241...

CVSS 5, AI score 6.3, EPSS 0.00595
Exploits 0, References 1

Wolfi
added 2024/09/10 3:15 p.m., 26 views

CVE-2024-43800 vulnerabilities

Vulnerabilities for packages: kubeflow-centraldashboard, kubeflow-pipelines, sqlpad, argo-workflows...

CVSS 5, AI score 6.6, EPSS 0.00595
Exploits 0

Chainguard
added 2024/09/10 3:15 p.m., 6 views

CVE-2024-43800 vulnerabilities

Vulnerabilities for packages: sqlpad, argo-workflows, kubeflow-centraldashboard, kubeflow-pipelines...

CVSS 5, AI score 6.6, EPSS 0.00595
Exploits 0

OSV
added 2024/09/10 3:15 p.m., 2 views

DEBIAN-CVE-2024-43800

serve-static serves static files. serve-static passes untrusted user input - even after sanitizing it - to redirect may execute untrusted code. This issue is patched in serve-static 1.16.0...

CVSS 4.7, AI score 6.4, EPSS 0.00595
Exploits 0, References 1

OSV
added 2024/09/10 3:15 p.m., 5 views

AZL-49147 CVE-2024-43800 affecting package reaper for versions less than 3.1.1-13

serve-static serves static files. serve-static passes untrusted user input - even after sanitizing it - to redirect may execute untrusted code. This issue is patched in serve-static 1.16.0...

CVSS 4.7, AI score 6.8, EPSS 0.00595
Exploits 0, References 1

Vulnrichment
added 2024/09/10 2:50 p.m., 24 views

CVE-2024-43800 serve-static affected by template injection that can lead to XSS

serve-static serves static files. serve-static passes untrusted user input - even after sanitizing it - to redirect may execute untrusted code. This issue is patched in serve-static 1.16.0...

CVSS 5, AI score 6.9, EPSS 0.00595
Exploits 0, References 3