Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect() which executes untrusted code. This issue is patched in send 0.19.0.
History

Fri, 13 Dec 2024 02:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhboac Hawtio
CPEs cpe:/a:redhat:rhboac_hawtio:4.0.0
Vendors & Products Redhat rhboac Hawtio

Thu, 12 Dec 2024 02:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat openshift Distributed Tracing
CPEs cpe:/a:redhat:openshift_distributed_tracing:3.4::el8
Vendors & Products Redhat openshift Distributed Tracing

Tue, 10 Dec 2024 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhmt
CPEs cpe:/a:redhat:rhmt:1.8::el8
Vendors & Products Redhat rhmt

Thu, 31 Oct 2024 02:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift_data_foundation:4.17::el9
cpe:/a:redhat:openshift_gitops:1.12::el8
cpe:/a:redhat:openshift_gitops:1.12::el9

Wed, 30 Oct 2024 02:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat openshift Gitops
CPEs cpe:/a:redhat:openshift_gitops:1.13::el8
Vendors & Products Redhat openshift Gitops

Tue, 22 Oct 2024 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat network Observ Optr
CPEs cpe:/a:redhat:network_observ_optr:1.7.0::el9
Vendors & Products Redhat network Observ Optr

Wed, 16 Oct 2024 02:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat openshift Data Foundation
CPEs cpe:/a:redhat:openshift_data_foundation:4.16::el9
Vendors & Products Redhat openshift Data Foundation

Tue, 15 Oct 2024 02:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat openshift Serverless
CPEs cpe:/a:redhat:openshift_serverless:1.34::el8
Vendors & Products Redhat openshift Serverless

Tue, 08 Oct 2024 02:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat service Mesh
CPEs cpe:/a:redhat:service_mesh:2.4::el8
cpe:/a:redhat:service_mesh:2.5::el8
cpe:/a:redhat:service_mesh:2.6::el8
cpe:/a:redhat:service_mesh:2.6::el9
Vendors & Products Redhat
Redhat service Mesh

Fri, 20 Sep 2024 17:15:00 +0000

Type Values Removed Values Added
First Time appeared Send Project
Send Project send
CPEs cpe:2.3:a:send_project:send:*:*:*:*:*:node.js:*:*
Vendors & Products Send Project
Send Project send

Tue, 10 Sep 2024 20:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 10 Sep 2024 19:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Moderate


Tue, 10 Sep 2024 15:00:00 +0000

Type Values Removed Values Added
Description Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect() which executes untrusted code. This issue is patched in send 0.19.0.
Title send vulnerable to template injection that can lead to XSS
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-09-10T14:45:06.761Z

Updated: 2024-09-10T19:34:18.557Z

Reserved: 2024-08-16T14:20:37.326Z

Link: CVE-2024-43799

cve-icon Vulnrichment

Updated: 2024-09-10T19:34:14.865Z

cve-icon NVD

Status : Analyzed

Published: 2024-09-10T15:15:17.727

Modified: 2024-09-20T16:57:14.687

Link: CVE-2024-43799

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-09-10T15:15:17Z

Links: CVE-2024-43799 - Bugzilla