CVE-2024-9266
Published: 2024-10-03
CVE-2024-9266: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Express. This vulnerability affects the use of the Express Response object. This issue…
Priority: P4 18 | medium | 4.7 (CVSS 3.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
EPSS: 0.42% (33.9th percentile)
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Express. This vulnerability affects the use of the Express Response object. This issue impacts Express: from 3.4.5 before 4.0.0.
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | node-express | — | — |
| express | express | >= 3.4.5 < 4.0.0-rc1 | 4.0.0-rc1 |
| expressjs | express | >= 3.4.5 < 4.0.0 | 4.0.0 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 4.7 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N |
| osv | — | 4.7 | MEDIUM | — |
| vendor_debian | — | 4.7 | LOW | — |
| vendor_redhat | — | 4.7 | MEDIUM | — |
GHSA: Express Open Redirect vulnerability
ghsa · 2024-10-03 · CVE-2024-9266 [LOW] CWE-601
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Express. This vulnerability affects the use of the Express Response object. This issue impacts Express: from 3.4.5 before 4.0.0-rc1.
OSV: Express Open Redirect vulnerability
osv · 2024-10-03 · CVE-2024-9266 [LOW]
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Express. This vulnerability affects the use of the Express Response object. This issue impacts Express: from 3.4.5 before 4.0.0-rc1.
OSV: CVE-2024-9266: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Express
osv · 2024-10-03 · CVSS 4.7 · CVE-2024-9266 [MEDIUM]
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Express. This vulnerability affects the use of the Express Response object. This issue impacts Express: from 3.4.5 before 4.0.0.
Red Hat: express: URL redirection vulnerability
vendor_redhat · 2024-10-03 · CVSS 4.7 · CVE-2024-9266 [MEDIUM] CWE-601
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Express. This vulnerability affects the use of the Express Response object. This issue impacts Express: from 3.4.5 before 4.0.0.
A flaw was found in the Express package for Node.js. Certain versions are vulnerable to an open redirect attack, a URL redirection to an untrusted site, via the Express 3 Response object. This flaw may allow a user to be redirected to an untrusted page containing malware, which may compromise the user's machine.
Statement: This flaw is specific to certain versions of Express 3, which has reached end-of-life. No Red Hat products are affected by this vulnerability.
Mitigation: Mitigation for this issue is either not available or the currently available op
Debian: CVE-2024-9266: node-express - URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Express. Th...
vendor_debian · 2024 · CVSS 4.7 · CVE-2024-9266 [MEDIUM]
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Express. This vulnerability affects the use of the Express Response object. This issue impacts Express: from 3.4.5 before 4.0.0.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
No detection rules found.
No public exploits indexed.
Published: 2024-10-03