CVE-2024-43796
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-43796
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-43796.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-43796
- Aliases
- Downstream
- Related
- Published
- 2024-09-10T14:36:27Z
- Modified
- 2025-10-20T20:27:29.619509Z
- Severity
-
- 5.0 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L CVSS Calculator
- Summary
- express vulnerable to XSS via response.redirect()
- Details
-
Express.js minimalist web framework for node. In express < 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect() may execute untrusted code. This issue is patched in express 4.20.0.
- Database specific
{ "cwe_ids": [ "CWE-79" ] }- References
Affected packages
Git / github.com/expressjs/express
Affected ranges
- Type
- GIT
- Repo
- https://github.com/expressjs/express
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- GIT
- Repo
- https://github.com/expressjs/express
- Events
Affected versions
0.*
0.0.1
0.0.2
0.1.0
0.10.0
0.10.1
0.11.0
0.12.0
0.13.0
0.14.0
0.2.0
0.2.1
0.3.0
0.4.0
0.5.0
0.6.0
0.7.0
0.7.1
0.7.2
0.7.3
0.7.4
0.7.5
0.7.6
0.8.0
0.9.0
1.*
1.0.0
1.0.0beta
1.0.0beta2
1.0.0rc
1.0.0rc2
1.0.0rc3
1.0.0rc4
2.*
2.0.0
2.0.0beta2
2.0.0beta3
2.0.0rc
2.0.0rc2
2.0.0rc3
2.1.0
2.1.1
2.2.0
2.2.1
2.2.2
2.3.0
2.3.1
2.3.10
2.3.11
2.3.12
2.3.2
2.3.3
2.3.4
2.3.5
2.3.6
2.3.7
2.3.8
2.3.9
2.4.0
2.4.1
2.4.2
2.4.3
3.*
3.0.0alpha1
3.0.0alpha2
3.0.0alpha3
3.0.0alpha4
3.0.0alpha5
3.0.0beta1
3.0.0beta2
3.0.0beta3
3.0.0beta4
3.0.0beta5
3.0.0beta6
3.0.0beta7
3.0.0rc1
3.0.0rc2
3.0.0rc3
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.1.0
3.1.1
3.1.2
3.10.0
3.10.1
3.10.2
3.10.3
3.10.4
3.10.5
3.11.0
3.12.0
3.12.1
3.13.0
3.14.0
3.15.0
3.15.1
3.15.2
3.15.3
3.16.0
3.16.1
3.16.10
3.16.2
3.16.3
3.16.4
3.16.5
3.16.6
3.16.7
3.16.8
3.16.9
3.17.0
3.17.1
3.17.2
3.17.3
3.17.4
3.17.5
3.17.6
3.17.7
3.17.8
3.18.0
3.18.1
3.18.2
3.18.3
3.18.4
3.18.5
3.18.6
3.19.0
3.19.1
3.19.2
3.2.0
3.2.1
3.2.2
3.2.3
3.2.4
3.2.5
3.2.6
3.20.0
3.20.1
3.20.2
3.20.3
3.21.0
3.21.1
3.21.2
3.3.0
3.3.1
3.3.2
3.3.3
3.3.4
3.3.5
3.3.6
3.3.7
3.3.8
3.4.0
3.4.1
3.4.2
3.4.3
3.4.4
3.4.5
3.4.6
3.4.7
3.4.8
3.5.0
3.5.1
3.5.2
3.5.3
3.6.0
3.7.0
3.8.0
3.8.1
3.9.0
4.*
4.0.0
4.0.0-rc1
4.0.0-rc2
4.0.0-rc3
4.0.0-rc4
4.1.0
4.1.1
4.1.2
4.10.0
4.10.1
4.10.2
4.10.3
4.10.4
4.10.5
4.10.6
4.10.7
4.10.8
4.11.0
4.11.1
4.11.2
4.12.0
4.12.1
4.12.2
4.12.3
4.12.4
4.13.0
4.13.1
4.13.2
4.13.3
4.13.4
4.14.0
4.14.1
4.15.0
4.15.1
4.15.2
4.15.3
4.15.4
4.15.5
4.16.0
4.16.1
4.16.2
4.16.3
4.16.4
4.17.0
4.17.1
4.17.2
4.17.3
4.18.0
4.18.1
4.18.2
4.18.3
4.19.0
4.19.1
4.19.2
4.2.0
4.20.0
4.3.0
4.3.1
4.3.2
4.4.0
4.4.1
4.4.2
4.4.3
4.4.4
4.4.5
4.5.0
4.5.1
4.6.0
4.6.1
4.7.0
4.7.1
4.7.2
4.7.3
4.7.4
4.8.0
4.8.1
4.8.2
4.8.3
4.8.4
4.8.5
4.8.6
4.8.7
4.8.8
4.9.0
4.9.1
4.9.2
4.9.3
4.9.4
4.9.5
4.9.6
4.9.7
4.9.8
5.*
5.0.0-alpha.1
5.0.0-alpha.2
5.0.0-alpha.3
5.0.0-alpha.4
5.0.0-alpha.5
5.0.0-alpha.6
5.0.0-alpha.7
5.0.0-alpha.8
5.0.0-beta.2
v5.*
v5.0.0-beta.1
v5.0.0-beta.3