Affected versions of this package are vulnerable to Cross-site Scripting due to improper handling of user input in the response.redirect method. An attacker can execute arbitrary code by passing malicious input to this method.
Note
To exploit this vulnerability, the following conditions are required:
The attacker should be able to control the input to response.redirect()
express must not redirect before the template appears
the browser must not complete redirection before:
the user must click on the link in the template
Remediation
Upgrade express to version 4.20.0, 5.0.0 or higher.
Detailed paths
Overview
express is a minimalist web framework.
References
SNYK-JS-EXPRESS-7926867
(CVE-2024-43796) [email protected]