PT-2024-39524 · Express · Express
Matvejs Mascenko
·
Published
2024-10-03
·
Updated
2024-10-07
·
CVE-2024-9266
CVSS v3.1
4.7
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Express versions 3.4.5 through 4.0.0
Description
This issue is related to a URL Redirection to Untrusted Site, also known as an 'Open Redirect' vulnerability, affecting the use of the Express Response object.
Recommendations
For Express versions 3.4.5 through 4.0.0, update to version 4.0.0 or later to resolve the issue.
Fix
Open Redirect
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Express