​
DirectorySecurity Advisories
Sign In
Security Advisories

CVE-2024-43796

Published

Last updated

https://nvd.nist.gov/vuln/detail/CVE-2024-43796

Severity

4.7

Medium

CVSS V3

Description

Express.js minimalist web framework for node. In express < 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect() may execute untrusted code. This issue is patched in express 4.20.0.

References

  • https://github.com/advisories/GHSA-qw6h-vgh9-j6wx

Affected packages


Media KitContact Us
© 2024 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard Images