CVE-2024-9266

MEDIUM4.7EPSS 0.13%

Express Open Redirect vulnerability

發布日:2024/10/3修改日:2024/10/9

描述

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Express. This vulnerability affects the use of the Express Response object. This issue impacts Express: from 3.4.5 before 4.0.0-rc1.

受影響套件(1)

npm/express>= 3.4.5, < 4.0.0-rc1

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 4.0	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:P
osv	CVSS 3.1	MEDIUM4.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

參考連結(4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-9266
PATCHhttps://github.com/expressjs/express
WEBhttps://github.com/expressjs/express/compare/3.4.4...3.4.5
WEBhttps://www.herodevs.com/vulnerability-directory/cve-2024-9266