CVE-2024-9266: Open Redirect in Express

CWE-601: Open Redirect | 7 documents | 6 sources
Severity: 4.7 MEDIUM (NVD)
EPSS: 0.1% (top 68.29%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Oct 3

Description

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Express. This vulnerability affects the use of the Express Response object. This issue impacts Express: from 3.4.5 before 4.0.0.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages (2 packages)

npm | express/express | 3.4.5 | 4.0.0-rc1
CVEListV5 | expressjs/express | 3.4.5 | 4.0.0

🔴 Vulnerability Details (4)

GHSA: Express Open Redirect vulnerability (2024-10-03)
CVEList: Open Redirect (2024-10-03)
OSV: Express Open Redirect vulnerability (2024-10-03)
OSV: CVE-2024-9266: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Express (2024-10-03)

📋 Vendor Advisories (2)

Red Hat: express: URL redirection vulnerability (2024-10-03)
Debian: CVE-2024-9266: node-express - URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Express. Th... (2024)
CVE-2024-9266 — Open Redirect in Expressjs Express | cvebase