CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Openjsf: >> Express >> 4.19.2 Security Vulnerabilities

CVE-2024-43796

Express.js minimalist web framework for node. In express < 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect() may execute untrusted code. This issue is patched in express 4.20.0.

CVSS Score

5.0

EPSS Score

0.0

Published

2024-09-10

Page 1

Vulnerabilities

Vulnerable Software

Openjsf: >> Express >> 4.19.2 Security Vulnerabilities

Products

Pricing

Contact Us