9 matches found

IBM Security Bulletins
added 2026/01/25 12:3 p.m., 6 views

Security Bulletin: A vulnerability in the serve-static package affect IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary A vulnerability in the serve-static package affect IBM® Db2® Big SQL 7 on IBM Cloud Pak for Data 4 and 5. Vulnerability Details CVEID:CVE-2024-43800 DESCRIPTION: serve-static serves static files. serve-static passes untrusted user input - even after sanitizing it - to redirect may execute...

CVSS 5 | AI score 5.8 | EPSS 0.00919
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2025/11/28 8:46 a.m., 17 views

Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which are vulnerable to CVEs.

Summary IBM Maximo Application Suite uses "serve-static-1.15.0.tgz, cookie-0.6.0.tgz, send-0.18.0.tgz, express-4.19.2.tgz, requests v2.25.1, idna v2.1" which are vulnerable to "CVE-2024-43800, CVE-2024-47764, CVE-2024-43799, CVE-2024-43796, CVE-2023-32681, CVE-2024-35195, CVE-2024-3651". This...

CVSS 7.5 | AI score 6.1 | EPSS 0.05933
Exploits 2 | Affected Software 1
IBM Security Bulletins
added 2025/07/07 6:12 p.m., 5 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in serve-static-1.15.0.tgz

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of serve-static-1.15.0.tgz Vulnerability Details CVEID:CVE-2024-43800 DESCRIPTION: serve-static serves static files. serve-static passes untrusted user input - even after sanitizing it - to redirect may execute untrusted code...

CVSS 5 | AI score 6.7 | EPSS 0.00919
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2025/06/30 6:22 a.m., 5 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses serve-static-1.15.0.tgz which is vulnerable to CVE-2024-43800

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses serve-static-1.15.0.tgz which is vulnerable to CVE-2024-43800. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-43800 DESCRIPTION: serve-static serve...

CVSS 5 | AI score 6.6 | EPSS 0.00919
Exploits 0 | Affected Software 1
RedhatCVE
added 2025/05/22 10:41 p.m., 5 views

CVE-2022-28380

The rc-httpd component through 2022-03-31 for 9front Plan 9 fork allows ..%2f directory traversal if serve-static is used...

CVSS 7.5 | AI score 7 | EPSS 0.00652
Exploits 0 | References 1
Veracode
added 2024/09/11 9:11 a.m., 9 views

Cross-site Scripting (XSS)

serve-static is vulnerable to Cross-site Scripting XSS. The vulnerability is due to passing untrusted user input, even after sanitization, to the redirect function, which may lead to the execution of untrusted code...

CVSS 5 | AI score 4.9 | EPSS 0.00919
Exploits 0 | References 4 | Affected Software 1
vulnersOsv
added 2024/09/10 7:42 p.m., 4 views

01-numacert (>=1.0.0 <=3.0.0), 02-infrastructure (=1.0.0) +18556 more potentially affected by CVE-2024-43800 via serve-static (>=1.0.1 <=1.15.0)

serve-static NPM version =1.0.1, =1.0.0, =1.0.0, =1.0.3, =0.1.0, =0.2.0, =0.2.2 and more Source cves: CVE-2024-43800 Source advisory: OSV:GHSA-CM22-4G7W-348P...

CVSS 5 | AI score 6.5 | EPSS 0.00919
Exploits 0
OSV
added 2024/09/10 3:15 p.m., 1 views

AZL-49094 CVE-2024-43800 affecting package nodejs-nodemon 2.0.3-4

serve-static serves static files. serve-static passes untrusted user input - even after sanitizing it - to redirect may execute untrusted code. This issue is patched in serve-static 1.16.0...

CVSS 4.7 | AI score 6.8 | EPSS 0.00919
Exploits 0 | References 1
OSV
added 2024/09/10 3:15 p.m., 1 views

UBUNTU-CVE-2024-43800

serve-static serves static files. serve-static passes untrusted user input - even after sanitizing it - to redirect may execute untrusted code. This issue is patched in serve-static 1.16.0...

CVSS 5 | AI score 6.8 | EPSS 0.00919
Exploits 0 | References 3