93 matches found

Tenable Nessus | added 2024/09/24 12:00 a.m. | 5 views

Express.js Cookie-Session Weak Secret Key

Express.js applications with Cookie-Session use an application key to encrypt and sign various data, including session cookies and other sensitive information. This key is typically stored in an environment variable and is used for multiple security-critical operations. When a weak or easily...

AI score: 7.8 | Exploits: 0 | References: 2
Tenable Nessus | added 2024/09/24 12:00 a.m. | 16 views

Express.js Express-Session Weak Secret Key

Express.js applications with Express-Session use an application key to encrypt and sign various data, including session cookies and other sensitive information. This key is typically stored in an environment variable and is used for multiple security-critical operations. When a weak or easily...

AI score: 7.8 | Exploits: 0 | References: 2
IBM Security Bulletins | added 2024/09/17 5:39 p.m. | 24 views

Security Bulletin: IBM Security QRadar Analyst Workflow for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary: The product includes vulnerable components (e.g. framework libraries) that may be identified and exploited with automated tools. The update addresses these issues. Vulnerability Details: CVEID: CVE-2023-45857 DESCRIPTION: Axios is vulnerable to cross-site request forgery, caused by improper...

CVSS: 8.1 | AI score: 8.6 | EPSS: 0.08279 | Exploits: 5 | Affected Software: 1
Veracode | added 2024/09/11 7:06 a.m. | 8 views

Remote Code Execution (RCE)

Express.js is vulnerable to Remote Code Execution (RCE). The vulnerability is due to insufficient validation or handling of user input when passed to response.redirect, allowing untrusted code to be executed despite sanitization efforts...

CVSS: 5 | AI score: 5.5 | EPSS: 0.00458 | Exploits: 0 | References: 3 | Affected Software: 2
RedhatCVE | added 2024/09/10 4:13 p.m. | 24 views

CVE-2024-43796

A flaw was found in Express. This vulnerability allows untrusted code execution via passing untrusted user input to response.redirect, even if the input is sanitized. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product...

CVSS: 5 | AI score: 5.5 | EPSS: 0.00458 | Exploits: 0 | References: 5
NVD | added 2024/09/10 3:15 p.m. | 33 views

CVE-2024-43796

Express.js minimalist web framework for node. In express 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect may execute untrusted code. This issue is patched in express 4.20.0...

CVSS: 5 | EPSS: 0.00458 | Exploits: 0 | References: 2
OSV | added 2024/09/10 3:15 p.m. | 2 views

UBUNTU-CVE-2024-43796

Express.js minimalist web framework for node. In express 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect may execute untrusted code. This issue is patched in express 4.20.0...

CVSS: 5 | AI score: 6.8 | EPSS: 0.00458 | Exploits: 0 | References: 4
Cvelist | added 2024/09/10 2:36 p.m. | 23 views

CVE-2024-43796 express vulnerable to XSS via response.redirect()

Express.js minimalist web framework for node. In express 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect may execute untrusted code. This issue is patched in express 4.20.0...

CVSS: 5 | EPSS: 0.00458 | Exploits: 0 | References: 2
CVE | added 2024/09/10 2:36 p.m. | 321 views

CVE-2024-43796

CVE-2024-43796 : Express.js (Node) vulnerable in versions prior to 4.20.0 where untrusted input passed to response.redirect() can lead to execution of untrusted code. This is mitigated by upgrading to Express.js 4.20.0 or newer; the issue is categorized under a cross-site scripting concern in the...

CVSS: 5 | AI score: 5.8 | EPSS: 0.00458 | Exploits: 0 | References: 2 | Affected Software: 1
Debian CVE | added 2024/09/10 2:36 p.m. | 14 views

CVE-2024-43796

Express.js minimalist web framework for node. In express 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect may execute untrusted code. This issue is patched in express 4.20.0...

CVSS: 5 | AI score: 6.5 | EPSS: 0.00458 | Exploits: 0
CNNVD | added 2024/09/10 12:00 a.m. | 3 views

Express.js cross-site scripting vulnerability

Express.js is a fast, unopinionated, minimalist web framework for Node.js open-sourced by expressjs. A cross-site scripting vulnerability exists in Express.js that stems from passing untrusted user input to redirect, which may execute untrusted code...

CVSS: 5 | AI score: 6.5 | EPSS: 0.00595 | Exploits: 0 | References: 5
CNNVD | added 2024/09/10 12:00 a.m. | 3 views

Express.js cross-site scripting vulnerability

Express.js is a fast, unopinionated, minimalist web framework for Node.js open-sourced by expressjs. A cross-site scripting vulnerability exists in Express.js that stems from passing untrusted user input to response.redirect, which may execute untrusted code...

CVSS: 5 | AI score: 6.5 | EPSS: 0.00458 | Exploits: 0 | References: 6
Positive Technologies | added 2024/09/10 12:00 a.m. | 6 views

PT-2024-30664

Name of the Vulnerable Software and Affected Versions: Express.js versions prior to 4.20.0. Description: The issue concerns the execution of untrusted code when passing untrusted user input to the response.redirect function in Express.js, even after sanitizing the input. This can occur when an...

CVSS: 5 | AI score: 6.9 | EPSS: 0.00458 | Exploits: 0 | References: 25
IBM Security Bulletins | added 2024/08/26 2:16 p.m. | 39 views

Security Bulletin: IBM QRadar Use Case Manager app is vulnerable to using components with known vulnerabilities

Summary: The product includes vulnerable components (e.g. framework libraries) that may be identified and exploited with automated tools. The update addresses these issues. Vulnerability Details: CVEID: CVE-2024-4067 DESCRIPTION: Node.js micromatch module is vulnerable to a denial of service, caused ...

CVSS: 8.2 | AI score: 7.9 | EPSS: 0.87211 | Exploits: 6 | Affected Software: 1
IBM Security Bulletins | added 2024/08/22 12:21 a.m. | 33 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Express.js

Summary: IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Express.js. Vulnerability Details: CVEID: CVE-2024-29041 DESCRIPTION: Express.js Express could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could...

CVSS: 6.1 | AI score: 6.6 | EPSS: 0.00786 | Exploits: 0 | Affected Software: 1
IBM Security Bulletins | added 2024/08/08 6:47 p.m. | 25 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to denial of service due to Express.js ( CVE-2022-24999 )

Summary: Express.js is used by IBM Cloud Pak for Data as part of the platform. CVE-2022-24999. Vulnerability Details: CVEID: CVE-2022-24999 DESCRIPTION: Express.js Express is vulnerable to a denial of service, caused by a prototype pollution flaw in qs. By adding or modifying properties of...

CVSS: 7.5 | AI score: 8.1 | EPSS: 0.14663 | Exploits: 2 | Affected Software: 1
IBM Security Bulletins | added 2024/08/05 9:25 a.m. | 30 views

Security Bulletin: Multiple vulnerabilities fixed in IBM Security Verify Information Queue

Summary: Multiple security vulnerabilities in third-party libraries have been addressed in IBM Security Verify Information Queue (ISIQ) v10.0.9. Vulnerability Details: CVEID: CVE-2024-28849 DESCRIPTION: Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive...

CVSS: 7.5 | AI score: 7.8 | EPSS: 0.01471 | Exploits: 4 | Affected Software: 1
Redos | added 2024/07/19 12:00 a.m. | 24 views

ROS-20240719-05

A vulnerability in the ejs template engine for Node.js is related to improper neutralization of special elements in output that is consumed by a downstream component. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code by injecting...

CVSS: 6.1 | AI score: 7.7 | EPSS: 0.00786 | Exploits: 1
Tenable Nessus | added 2024/07/03 12:00 a.m. | 28 views

CBL Mariner 2.0 Security Update: reaper (CVE-2024-29041)

The version of reaper installed on the remote CBL Mariner 2.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-29041 advisory. - Express.js minimalist web framework for node. Versions of Express.js prior to 4.19.0 and all pre-release alp...

CVSS: 6.1 | AI score: 6.4 | EPSS: 0.00786 | Exploits: 0 | References: 2
IBM Security Bulletins | added 2024/06/26 10:29 p.m. | 44 views

Security Bulletin: IBM MQ Appliance vulnerable to open redirect (CVE-2024-29041)

Summary: IBM MQ Appliance has addressed an open redirect vulnerability. Vulnerability Details: CVEID: CVE-2024-29041 DESCRIPTION: Express.js Express could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability using...

CVSS: 6.1 | AI score: 6.5 | EPSS: 0.00786 | Exploits: 0 | Affected Software: 1