Filtered by vendor Expressjs Subscriptions
Filtered by product Express Subscriptions
Total 1 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-10491 2 Expressjs, Openjsf 2 Express, Express 2024-11-07 4 Medium
A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link header when unsanitized data is used. The issue arises from improper sanitization in `Link` header values, which can allow a combination of characters like `,`, `;`, and `<>` to preload malicious resources. This vulnerability is especially relevant for dynamic parameters.