Expressjs Express vulnerabilities
3 known vulnerabilities affecting expressjs/express.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 3
Vulnerabilities
CVE-2024-9266 | MEDIUM | CVSS 4.7 | CWE-601 | affected: ≥ 3.4.5, < 4.0.0 | 2024-10-03
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Express. This vulnerability affects the use of the Express Response object. This issue impacts Express: from 3.4.5 before 4.0.0.
Sources: cvelistv5, nvd
CVE-2024-43796 | MEDIUM | CVSS 4.7 | CWE-79 | fixed in 4.20.0 | affected: >= 5.0.0-alpha.1, < 5.0.0 | 2024-09-10
Express.js minimalist web framework for node. In express < 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect() may execute untrusted code. This issue is patched in express 4.20.0.
Sources: cvelistv5, nvd
CVE-2024-29041 | MEDIUM | CVSS 6.1 | CWE-601 | affected: >=4.14.0, <4.19.0; >=5.0.0-alpha.1, <5.0.0-beta.3 | 2024-03-25
Express.js minimalist web framework for node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL Express performs an encode [using `encodeurl`](https://github.com/pillarjs/en
Sources: cvelistv5, nvd