Filtered by vendor Expressjs
Filtered by product Express
Total: 1 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-10491 | 2 Expressjs, Openjsf | 2 Express, Express | 2024-11-07 | 4 Medium |

A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link header when unsanitized data is used. The issue arises from improper sanitization in `Link` header values, which can allow a combination of characters like `,`, `;`, and `<>` to preload malicious resources. This vulnerability is especially relevant for dynamic parameters.