CVE-2024-9266

State: PUBLISHED · Published: 2024-10-03 · Updated: 2024-10-03 · Assigner: HeroDevs

Description

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Express. This vulnerability affects the use of the Express Response object. This issue impacts Express: from 3.4.5 before 4.0.0.

CWE

CWE-601 — CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

Affected

expressjs / express — v=3.4.5 <4.0.0 [affected]

CVSS

3.1 score=4.7 severity=MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

References

https://www.herodevs.com/vulnerability-directory/cve-2024-9266

Source

cvelistV5-main/cves/2024/9xxx/CVE-2024-9266.json