CVE-2024-43800

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-43800

Severity

5.0

Medium

CVSS V3

Summary

serve-static affected by template injection that can lead to XSS

Description

serve-static serves static files. serve-static passes untrusted user input - even after sanitizing it - to redirect() may execute untrusted code. This issue is patched in serve-static 1.16.0.

References

https://images.chainguard.dev/security/CGA-x5fj-mf5j-g2mx
https://github.com/advisories/GHSA-cm22-4g7w-348p
https://images.chainguard.dev/security/CGA-wq6m-hw6r-4r4g
https://images.chainguard.dev/security/CGA-6mjq-8vxm-wf5h
https://images.chainguard.dev/security/CGA-5grf-qqgg-78vf
https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b
https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa
https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

The trusted source for open source

Talk to an expert

Privacy

Terms

CVE-2024-43800

Severity

Summary

Description

References

Affected packages

The trusted source for open source

Product

Solutions

Customers

Resources

Company