CVE-2024-43799

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-43799

Severity

5.0

Medium

CVSS V3

Summary

send vulnerable to template injection that can lead to XSS

Description

Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect() which executes untrusted code. This issue is patched in send 0.19.0.

References

https://images.chainguard.dev/security/CGA-5grw-9wv6-r624
https://github.com/advisories/GHSA-m6fv-jmcg-4jfg
https://images.chainguard.dev/security/CGA-4g7r-gq6m-3fjw
https://images.chainguard.dev/security/CGA-jgr3-p9cq-fqjh
https://images.chainguard.dev/security/CGA-fg3r-rpq5-c4xr
https://images.chainguard.dev/security/CGA-9cw3-8w4j-827w
https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35
https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg
https://lists.debian.org/debian-lts-announce/2025/06/msg00022.html

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

The trusted source for open source

Talk to an expert

Privacy

Terms

CVE-2024-43799

Severity

Summary

Description

References

Affected packages

The trusted source for open source

Product

Solutions

Customers

Resources

Company