VYPR
Medium severity5.0NVD Advisory· Published Sep 10, 2024· Updated Jun 17, 2026

CVE-2024-43800

CVE-2024-43800

Description

serve-static serves static files. serve-static passes untrusted user input - even after sanitizing it - to redirect() may execute untrusted code. This issue is patched in serve-static 1.16.0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
serve-staticnpm
< 1.16.01.16.0
serve-staticnpm
>= 2.0.0, < 2.1.02.1.0

Affected products

48

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.