Express.js Cookie-Session Weak Secret Key
Express.js applications with Cookie-Session use an application key to encrypt and sign various data, including session cookies and other sensitive information. This key is typically stored in an environment variable and is used for multiple security-critical operations. When a weak or easily...
Express.js Express-Session Weak Secret Key
Express.js applications with Express-Session use an application key to encrypt and sign various data, including session cookies and other sensitive information. This key is typically stored in an environment variable and is used for multiple security-critical operations. When a weak or easily...
Security Bulletin: IBM Security QRadar Analyst Workflow for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. The update addresses these issues. Vulnerability Details CVEID:CVE-2023-45857 DESCRIPTION: Axios is vulnerable to cross-site request forgery, caused by improper...
Remote Code Execution (RCE)
Express.js is vulnerable to Remote Code Execution RCE. The vulnerability is due to insufficient validation or handling of user input when passed to response.redirect, allowing untrusted code to be executed despite sanitization efforts...
CVE-2024-43796
A flaw was found in Express. This vulnerability allows untrusted code execution via passing untrusted user input to response.redirect, even if the input is sanitized. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product...
CVE-2024-43796
Express.js minimalist web framework for node. In express 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect may execute untrusted code. This issue is patched in express 4.20.0...
UBUNTU-CVE-2024-43796
Express.js minimalist web framework for node. In express 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect may execute untrusted code. This issue is patched in express 4.20.0...
CVE-2024-43796 express vulnerable to XSS via response.redirect()
Express.js minimalist web framework for node. In express 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect may execute untrusted code. This issue is patched in express 4.20.0...
CVE-2024-43796
CVE-2024-43796 : Express.js (Node) vulnerable in versions prior to 4.20.0 where untrusted input passed to response.redirect() can lead to execution of untrusted code. This is mitigated by upgrading to Express.js 4.20.0 or newer; the issue is categorized under a cross-site scripting concern in the...
CVE-2024-43796
Express.js minimalist web framework for node. In express 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect may execute untrusted code. This issue is patched in express 4.20.0...
Express.js Cross-Site Scripting Vulnerability
Express.js is a fast, unconstrained, minimalist web framework for Node.js open-sourced by expressjs. A cross-site scripting vulnerability exists in Express.js that stems from passing untrusted user input to redirect, which may execute untrusted code...
Express.js Cross-Site Scripting Vulnerability
Express.js is a fast, unconstrained, minimalist web framework for Node.js open sourced by expressjs. A cross-site scripting vulnerability exists in Express.js that stems from passing untrusted user input to response.redirect, which may execute untrusted code...
PT-2024-30664
Name of the Vulnerable Software and Affected Versions Express.js versions prior to 4.20.0 Description The issue concerns the execution of untrusted code when passing untrusted user input to the response.redirect function in Express.js, even after sanitizing the input. This can occur when an...
Security Bulletin: IBM QRadar Use Case Manager app is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. The update addresses these issues. Vulnerability Details CVEID:CVE-2024-4067 DESCRIPTION: Node.js micromatch module is vulnerable to a denial of service, caused ...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Express.js
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Express.js Vulnerability Details CVEID:CVE-2024-29041 DESCRIPTION: Express.js Express could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to denial of service due to Express.js ( CVE-2022-24999 )
Summary Express.js is used by IBM Cloud Pak for Data as part of the platform. CVE-2022-24999. Vulnerability Details CVEID:CVE-2022-24999 DESCRIPTION: Express.js Express is vulnerable to a denial of service, caused by a prototype pollution flaw in qs. By adding or modifying properties of...
Security Bulletin: Multiple vulnerabilities fixed in IBM Security Verify Information Queue
Summary Multiple security vulnerabilities in the third-party libraries have been addressed in IBM Security Verify Information Queue ISIQ v10.0.9. Vulnerability Details CVEID:CVE-2024-28849 DESCRIPTION: Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive...
ROS-20240719-05
A vulnerability in the ejs web application development pattern for Node.js is related to incorrect neutralization of special elements in the output data used by the input component. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code by injecting...
CBL Mariner 2.0 Security Update: reaper (CVE-2024-29041)
The version of reaper installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-29041 advisory. - Express.js minimalist web framework for node. Versions of Express.js prior to 4.19.0 and all pre-release alp...
Security Bulletin: IBM MQ Appliance vulnerable to open redirect (CVE-2024-29041)
Summary IBM MQ Appliance has addressed an open redirect vulnerability. Vulnerability Details CVEID:CVE-2024-29041 DESCRIPTION: Express.js Express could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability using...