
93 matches found

Positive Technologies
added 2025/12/01 12:00 a.m., 2 views

PT-2025-48543

Name of the Vulnerable Software and Affected Versions: Express.js versions prior to 5.2.0; Express.js versions prior to 4.22.0. Description: Express.js, a minimalist web framework for Node.js, is affected by an issue where the request.query object inherits all object prototype properties when using t...

CVSS 6.9, AI score 6.6, EPSS 0.00014
Exploits 0, References 9
CNNVD
added 2025/12/01 12:00 a.m., 3 views

ID withdrawn

Express.js is a fast, unconstrained, minimalist web framework for Node.js open sourced by expressjs. This CVE number has been withdrawn...

AI score 6.5, EPSS 0.00014
Exploits 0, References 4
IBM Security Bulletins
added 2025/10/23 8:20 p.m., 2 views

Security Bulletin: vulnerability in IBM Spectrum Symphony with Express.js

Summary: vulnerability in IBM Spectrum Symphony with Express.js. Vulnerability Details: CVEID: CVE-2024-29041. DESCRIPTION: Express.js minimalist web framework for node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect...

CVSS 6.1, AI score 6.3, EPSS 0.00154
Exploits 0, Affected Software 1
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2018-0315

Malware in sbrugna...

CVSS 7.5, AI score 7.5, EPSS 0.00328
Exploits 0, References 6
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2018-2882

Malware in sbrugna...

CVSS 7.5, AI score 7.5, EPSS 0.00197
Exploits 1, References 3
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2018-0256

Malware in sbrugna...

CVSS 7.5, AI score 7.6, EPSS 0.00328
Exploits 0, References 5
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2018-0298

Malware in sbrugna...

CVSS 7.5, AI score 7.5, EPSS 0.006
Exploits 0, References 6
EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2024-1007

Malicious code in bioql PyPI...

CVSS 6.1, AI score 6.1, EPSS 0.00154
Exploits 0, References 8
IBM Security Bulletins
added 2025/07/07 6:11 p.m., 3 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in express-4.18.1.tgz

Summary: IBM watsonx Orchestrate Cartridge contains a vulnerable version of express-4.18.1.tgz. Vulnerability Details: CVEID: CVE-2024-43796. DESCRIPTION: Express.js minimalist web framework for node. In express 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect may...

CVSS 5, AI score 6.6, EPSS 0.00123
Exploits 0, Affected Software 1
IBM Security Bulletins
added 2025/07/07 5:57 p.m., 7 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in express-4.17.3.tgz

Summary: IBM watsonx Orchestrate Cartridge contains a vulnerable version of express-4.17.3.tgz. Vulnerability Details: CVEID: CVE-2024-29041. DESCRIPTION: Express.js minimalist web framework for node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are affecte...

CVSS 6.1, AI score 6.4, EPSS 0.00154
Exploits 0, Affected Software 1
IBM Security Bulletins
added 2025/06/16 7:12 p.m., 12 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to Cross-site Scripting (XSS) due to express.js ( CVE-2024-43796 )

Summary: Potential vulnerabilities in express.js package CVE-2024-43796 has been identified that may affect IBM Cloud Pak for Data. Vulnerability Details: CVEID: CVE-2024-43796. DESCRIPTION: Express.js minimalist web framework for node. In express 4.20.0, passing untrusted user input - even after...

CVSS 5, AI score 6.8, EPSS 0.00123
Exploits 0, Affected Software 1
Tenable Nessus
added 2025/03/05 12:00 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2024-43796

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Express.js minimalist web framework for node. In express 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect may execute...

CVSS 5, AI score 6.8, EPSS 0.00123
Exploits 0, References 3
Tenable Nessus
added 2025/03/05 12:00 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2024-29041

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Express.js minimalist web framework for node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open...

CVSS 6.1, AI score 6.3, EPSS 0.00154
Exploits 0, References 3
Tenable Nessus
added 2025/02/10 12:00 a.m., 7 views

Azure Linux 3.0 Security Update: python-tensorboard / reaper (CVE-2024-43796)

The version of python-tensorboard / reaper installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-43796 advisory. - Express.js minimalist web framework for node. In express 4.20.0, passing untrusted user...

CVSS 5, AI score 6.9, EPSS 0.00123
Exploits 0, References 2
IBM Security Bulletins
added 2025/01/30 1:41 p.m., 19 views

Security Bulletin: Vulnerability in Express.js affects watsonx.data

Summary: Express.js Express is vulnerable to conduct phishing attacks. This could affect watsonx.data. Vulnerability Details: CVEID: CVE-2024-29041. DESCRIPTION: Express.js Express could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could...

CVSS 6.1, AI score 6.2, EPSS 0.00154
Exploits 0, Affected Software 1
IBM Security Bulletins
added 2025/01/28 10:08 p.m., 25 views

Security Bulletin: PVR0501342 [Express - CVE-2024-29041 (Publicly disclosed vulnerability) ]

Summary: This Security Bulletin is created to reflect the remediation done for PVR0501342 Express - CVE-2024-29041 Publicly disclosed vulnerability. The 'express' has been upgraded in PowerHA GUI Rel 7.2.9 from version 4.16.4 to version 4.19.2 in order to resolve this PVR. Vulnerability Details...

CVSS 6.1, AI score 6.8, EPSS 0.00154
Exploits 0, Affected Software 1
IBM Security Bulletins
added 2025/01/28 10:08 p.m., 25 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Express.js Express open redirect vulnerability [ CVE-2024-29041]

Summary: Potential open redirect vulnerability in Express.js Express CVE-2024-29041 has been identified that could affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details: CVEID: CVE-2024-29041...

CVSS 6.1, AI score 6.7, EPSS 0.00154
Exploits 0, Affected Software 1
CNNVD
added 2024/10/29 12:00 a.m., 4 views

Express.js security vulnerability

Express.js is a fast, unconstrained, minimalist web framework for Node.js open sourced by expressjs. A security vulnerability exists in Express.js 3.21.2 and earlier versions, which stems from a response.links function that can inject arbitrary resources in the Link header when using unaudited da...

CVSS 5.3, AI score 6.4, EPSS 0.00253
Exploits 1, References 2
IBM Security Bulletins
added 2024/10/28 5:56 p.m., 23 views

Security Bulletin: Multiple Vulnerabilities in components for Cloud Pak System

Summary: Vulnerabilities found in components packaged with Cloud Pak System, Node.js, Express, Axios. Vulnerability Details: CVEID: CVE-2024-4068. DESCRIPTION: Node.js braces module is vulnerable to a denial of service, caused by the failure to limit the number of characters it can handle, leading to...

CVSS 7.5, AI score 8, EPSS 0.03485
Exploits 6, Affected Software 1
Tenable Nessus
added 2024/10/13 12:00 a.m., 15 views

CBL Mariner 2.0 Security Update: python-tensorboard / reaper (CVE-2024-43796)

The version of python-tensorboard / reaper installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-43796 advisory. - Express.js minimalist web framework for node. In express 4.20.0, passing untrusted user...

CVSS 5, AI score 6.9, EPSS 0.00123
Exploits 0, References 2