GHSA-jj78-5fmv-mv28

Source
https://github.com/advisories/GHSA-jj78-5fmv-mv28
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/10/GHSA-jj78-5fmv-mv28/GHSA-jj78-5fmv-mv28.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-jj78-5fmv-mv28
Aliases
  • CVE-2024-9266
Published
2024-10-03T21:31:05Z
Modified
2024-10-09T23:46:55Z
Severity
  • 4.7 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
  • 2.1 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:P
Summary
Express Open Redirect vulnerability
Details

Express contains a URL Redirection to Untrusted Site ('Open Redirect') vulnerability (CWE-601). It affects the use of the Express Response object. Affected versions of Express: from 3.4.5 up to, but not including, 4.0.0-rc1.

Database specific
{
    "nvd_published_at": "2024-10-03T19:15:05Z",
    "cwe_ids": [
        "CWE-601"
    ],
    "severity": "LOW",
    "github_reviewed": true,
    "github_reviewed_at": "2024-10-09T17:03:12Z"
}
Affected packages

npm / express

Package

Affected ranges

Type
SEMVER
Events
Introduced
3.4.5
Fixed
4.0.0-rc1