CVE-2024-9266 – express
Package
Manager: npm
Name: express
Vulnerable Version: >=3.4.5 <4.0.0-rc1
Severity
Level: Low
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:P
EPSS: 0.00027 (percentile: 0.05877)
Details
Express Open Redirect vulnerability
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Express. This vulnerability affects the use of the Express Response object. This issue impacts Express versions from 3.4.5 up to, but not including, 4.0.0-rc1.
Metadata
Created: 2024-10-03T21:31:05Z
Modified: 2024-10-09T23:46:55Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/10/GHSA-jj78-5fmv-mv28/GHSA-jj78-5fmv-mv28.json
CWE IDs: ["CWE-601"]
Alternative ID: GHSA-jj78-5fmv-mv28
Finding: F156
Auto approve: 1