VYPR
Low severityNVD Advisory· Published Sep 10, 2024· Updated Sep 10, 2024

express vulnerable to XSS via response.redirect()

CVE-2024-43796

Description

Express.js minimalist web framework for node. In express < 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect() may execute untrusted code. This issue is patched in express 4.20.0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
expressnpm
< 4.20.04.20.0
expressnpm
>= 5.0.0-alpha.1, < 5.0.05.0.0

Affected products

48

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.