CVE-2024-51999

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-51999

Severity

Unknown

Description

Express.js minimalist web framework for node. Prior to 5.2.0 and 4.22.0, when using the extended query parser in express ('query parser': 'extended'), the request.query object inherits all object prototype properties, but these properties can be overwritten by query string parameter keys that match the property names. This vulnerability is fixed in 5.2.0 and 4.22.0.

References

https://images.chainguard.dev/security/CGA-vqpc-746g-j64p
https://github.com/advisories/GHSA-pj86-cfqh-vqx6
https://images.chainguard.dev/security/CGA-8f93-wgxf-9w29
https://images.chainguard.dev/security/CGA-fv4g-m88m-75cp
https://images.chainguard.dev/security/CGA-3hg8-7vv4-j863
https://images.chainguard.dev/security/CGA-pp33-6qww-cm62
https://images.chainguard.dev/security/CGA-33rp-6xxg-4v8r
https://images.chainguard.dev/security/CGA-mmhm-h2r2-px38
https://images.chainguard.dev/security/CGA-xm9j-86w4-jj2w
https://images.chainguard.dev/security/CGA-rgjg-v8cc-53q6
https://images.chainguard.dev/security/CGA-2hq2-wcfx-px5x
https://images.chainguard.dev/security/CGA-4c5q-pwxf-hhfq
https://images.chainguard.dev/security/CGA-fj56-jxj4-7wf7
https://images.chainguard.dev/security/CGA-m9mx-wpp9-4pp4
https://github.com/expressjs/express/releases/tag/4.22.0
https://github.com/expressjs/express/releases/tag/v5.2.0
https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6
https://github.com/expressjs/express/commit/2f64f68c37c64ae333e41ff38032d21860f22255

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

The trusted source for open source

Talk to an expert

Privacy

Terms

CVE-2024-51999

Severity

Description

References

Affected packages

The trusted source for open source

Product

Solutions

Customers

Resources

Company