CVE-2024-43796

Express.js minimalist web framework for node. In express < 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect() may execute untrusted code. This issue is patched in express 4.20.0.

Database specific

{
    "cwe_ids": [
        "CWE-79"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/43xxx/CVE-2024-43796.json"
}

References

Affected packages

Git / github.com/expressjs/express

Affected ranges

Type

GIT

Repo

https://github.com/expressjs/express

Events

Introduced

Fixed

21df421ebc7a5249bb31101da666bbf22adc3f18

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "4.20.0"
        }
    ]
}

Type

GIT

Repo

https://github.com/expressjs/express

Events

Introduced

4052c15c7f10b79fb7c54f3837ffe118f7a99811

Fixed

344b022fc7ed95cf07b46e097935e61151fd585f

Database specific

{
    "versions": [
        {
            "introduced": "5.0.0-alpha.1"
        },
        {
            "fixed": "5.0.0"
        }
    ]
}

Affected versions

0.*

0.0.1

0.0.2

0.1.0

0.10.0

0.10.1

0.11.0

0.12.0

0.13.0

0.14.0

0.2.0

0.2.1

0.3.0

0.4.0

0.5.0

0.6.0

0.7.0

0.7.1

0.7.2

0.7.3

0.7.4

0.7.5

0.7.6

0.8.0

0.9.0

1.*

1.0.0

1.0.0beta

1.0.0beta2

1.0.0rc

1.0.0rc2

1.0.0rc3

1.0.0rc4

2.*

2.0.0

2.0.0beta2

2.0.0beta3

2.0.0rc

2.0.0rc2

2.0.0rc3

2.1.0

2.1.1

2.2.0

2.2.1

2.2.2

2.3.0

2.3.1

2.3.10

2.3.11

2.3.12

2.3.2

2.3.3

2.3.4

2.3.5

2.3.6

2.3.7

2.3.8

2.3.9

2.4.0

2.4.1

2.4.2

2.4.3

3.*

3.0.0alpha1

3.0.0alpha2

3.0.0alpha3

3.0.0alpha4

3.0.0alpha5

3.0.0beta1

3.0.0beta2

3.0.0beta3

3.0.0beta4

3.0.0beta5

3.0.0beta6

3.0.0beta7

3.0.0rc1

3.0.0rc2

3.0.0rc3

3.0.1

3.0.2

3.0.3

3.0.4

3.0.5

3.0.6

3.1.0

3.1.1

3.1.2

3.10.0

3.10.1

3.10.2

3.10.3

3.10.4

3.10.5

3.11.0

3.12.0

3.12.1

3.13.0

3.14.0

3.15.0

3.15.1

3.15.2

3.15.3

3.16.0

3.16.1

3.16.10

3.16.2

3.16.3

3.16.4

3.16.5

3.16.6

3.16.7

3.16.8

3.16.9

3.17.0

3.17.1

3.17.2

3.17.3

3.17.4

3.17.5

3.17.6

3.17.7

3.17.8

3.18.0

3.18.1

3.18.2

3.18.3

3.18.4

3.18.5

3.18.6

3.19.0

3.19.1

3.19.2

3.2.0

3.2.1

3.2.2

3.2.3

3.2.4

3.2.5

3.2.6

3.20.0

3.20.1

3.20.2

3.20.3

3.21.0

3.21.1

3.21.2

3.3.0

3.3.1

3.3.2

3.3.3

3.3.4

3.3.5

3.3.6

3.3.7

3.3.8

3.4.0

3.4.1

3.4.2

3.4.3

3.4.4

3.4.5

3.4.6

3.4.7

3.4.8

3.5.0

3.5.1

3.5.2

3.5.3

3.6.0

3.7.0

3.8.0

3.8.1

3.9.0

4.*

4.0.0

4.0.0-rc1

4.0.0-rc2

4.0.0-rc3

4.0.0-rc4

4.1.0

4.1.1

4.1.2

4.10.0

4.10.1

4.10.2

4.10.3

4.10.4

4.10.5

4.10.6

4.10.7

4.10.8

4.11.0

4.11.1

4.11.2

4.12.0

4.12.1

4.12.2

4.12.3

4.12.4

4.13.0

4.13.1

4.13.2

4.13.3

4.13.4

4.14.0

4.14.1

4.15.0

4.15.1

4.15.2

4.15.3

4.15.4

4.15.5

4.16.0

4.16.1

4.16.2

4.16.3

4.16.4

4.17.0

4.17.1

4.17.2

4.17.3

4.18.0

4.18.1

4.18.2

4.18.3

4.19.0

4.19.1

4.19.2

4.2.0

4.20.0

4.3.0

4.3.1

4.3.2

4.4.0

4.4.1

4.4.2

4.4.3

4.4.4

4.4.5

4.5.0

4.5.1

4.6.0

4.6.1

4.7.0

4.7.1

4.7.2

4.7.3

4.7.4

4.8.0

4.8.1

4.8.2

4.8.3

4.8.4

4.8.5

4.8.6

4.8.7

4.8.8

4.9.0

4.9.1

4.9.2

4.9.3

4.9.4

4.9.5

4.9.6

4.9.7

4.9.8

5.*

5.0.0-alpha.1

5.0.0-alpha.2

5.0.0-alpha.3

5.0.0-alpha.4

5.0.0-alpha.5

5.0.0-alpha.6

5.0.0-alpha.7

5.0.0-alpha.8

5.0.0-beta.2

v5.*

v5.0.0-beta.1

v5.0.0-beta.3