Medium severity 4.7 · GHSA Advisory · Published Oct 3, 2024 · Updated Apr 15, 2026
CVE-2024-9266
Description
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Express. This vulnerability affects the use of the Express Response object. This issue impacts Express: from 3.4.5 before 4.0.0.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| express (npm) | >= 3.4.5, < 4.0.0-rc1 | 4.0.0-rc1 |
Affected products
9 entries:
- osv-coords, 8 versions:
  - pkg:deb/ubuntu/node-express@4.1.1~dfsg-1?arch=source&distro=esm-apps/bionic
  - pkg:deb/ubuntu/node-express@4.1.1~dfsg-1?arch=source&distro=esm-apps/xenial
  - pkg:deb/ubuntu/node-express@4.17.1-2?arch=source&distro=esm-apps/focal
  - pkg:deb/ubuntu/node-express@4.17.3+~4.17.13-1?arch=source&distro=jammy
  - pkg:deb/ubuntu/node-express@4.19.2+~cs8.36.21-1?arch=source&distro=noble
  - pkg:deb/ubuntu/node-express@4.19.2+~cs8.36.26-1?arch=source&distro=oracular
  - pkg:deb/ubuntu/node-express@4.21.0+~cs8.36.26-2?arch=source&distro=plucky
  - pkg:npm/express

  >= 0 + 7 more
- (no CPE) range: >= 0
- (no CPE) range: >= 0
- (no CPE) range: >= 0
- (no CPE) range: >= 0
- (no CPE) range: >= 0
- (no CPE) range: >= 0
- (no CPE) range: >= 0
- (no CPE) range: >= 3.4.5, < 4.0.0-rc1