Vulnerabilites related to openjsf - express
cve-2024-10491
Vulnerability from cvelistv5
Published
2024-10-29 16:23
Modified
2024-10-29 19:44
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link header when unsanitized data is used.
The issue arises from improper sanitization in `Link` header values, which can allow a combination of characters like `,`, `;`, and `<>` to preload malicious resources.
This vulnerability is especially relevant for dynamic parameters.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "express", vendor: "expressjs", versions: [ { lessThanOrEqual: "3.21.2", status: "affected", version: "3.0.0-alpha1", versionType: "semver", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-10491", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-29T19:42:55.922371Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-29T19:44:30.890Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://www.npmjs.com/package/express", defaultStatus: "unaffected", packageName: "express", product: "express", repo: "https://github.com/expressjs/express", vendor: "express", versions: [ { lessThanOrEqual: "3.21.2", status: "affected", version: "3.0.0-alpha1", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "abze", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>A vulnerability has been identified in the Express <em>response.links</em> function, allowing for arbitrary resource injection in the <em>Link</em> header when unsanitized data is used.</p><p>The issue arises from improper sanitization in `Link` header values, which can allow a combination of characters like `,`, `;`, and `<>` to preload malicious resources.</p><p>This vulnerability is especially relevant for dynamic parameters.</p><br>", }, ], value: "A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link header when unsanitized data is used.\n\nThe issue arises from improper sanitization in `Link` header values, which can allow a combination of characters like `,`, `;`, and `<>` to preload malicious resources.\n\nThis vulnerability is especially relevant for dynamic parameters.", }, ], impacts: [ { capecId: "CAPEC-240", descriptions: [ { lang: "en", value: "CAPEC-240 Resource Injection", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-74", description: "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-29T16:26:16.251Z", orgId: "36c7be3b-2937-45df-85ea-ca7133ea542c", shortName: "HeroDevs", }, references: [ { url: "https://www.herodevs.com/vulnerability-directory/cve-2024-10491", }, ], source: { discovery: "UNKNOWN", }, title: "Preload arbitrary resources by injecting additional `Link` headers", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "36c7be3b-2937-45df-85ea-ca7133ea542c", assignerShortName: "HeroDevs", cveId: "CVE-2024-10491", datePublished: "2024-10-29T16:23:21.219Z", dateReserved: "2024-10-29T11:53:00.416Z", dateUpdated: "2024-10-29T19:44:30.890Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2014-6393
Vulnerability from cvelistv5
Published
2017-08-09 18:00
Modified
2024-08-06 12:17
Severity ?
EPSS score ?
Summary
The Express web framework before 3.11 and 4.x before 4.5 for Node.js does not provide a charset field in HTTP Content-Type headers in 400 level responses, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via characters in a non-standard encoding.
References
| ▼ | URL | Tags |
|---|---|---|
| https://nodesecurity.io/advisories/express-no-charset-in-content-type-header | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1203190 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T12:17:23.956Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://nodesecurity.io/advisories/express-no-charset-in-content-type-header", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1203190", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-09-12T00:00:00", descriptions: [ { lang: "en", value: "The Express web framework before 3.11 and 4.x before 4.5 for Node.js does not provide a charset field in HTTP Content-Type headers in 400 level responses, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via characters in a non-standard encoding.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-09T17:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://nodesecurity.io/advisories/express-no-charset-in-content-type-header", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1203190", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2014-6393", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The Express web framework before 3.11 and 4.x before 4.5 for Node.js does not provide a charset field in HTTP Content-Type headers in 400 level responses, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via characters in a non-standard encoding.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://nodesecurity.io/advisories/express-no-charset-in-content-type-header", refsource: "CONFIRM", url: "https://nodesecurity.io/advisories/express-no-charset-in-content-type-header", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1203190", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1203190", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2014-6393", datePublished: "2017-08-09T18:00:00", dateReserved: "2014-09-15T00:00:00", dateUpdated: "2024-08-06T12:17:23.956Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-43796
Vulnerability from cvelistv5
Published
2024-09-10 14:36
Modified
2024-09-10 15:58
Severity ?
EPSS score ?
Summary
Express.js minimalist web framework for node. In express < 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect() may execute untrusted code. This issue is patched in express 4.20.0.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx | x_refsource_CONFIRM | |
| https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553 | x_refsource_MISC |
Impacted products
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-43796", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-10T15:58:36.256748Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-10T15:58:45.956Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "express", vendor: "expressjs", versions: [ { status: "affected", version: "< 4.20.0", }, { status: "affected", version: ">= 5.0.0-alpha.1, < 5.0.0", }, ], }, ], descriptions: [ { lang: "en", value: "Express.js minimalist web framework for node. In express < 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect() may execute untrusted code. This issue is patched in express 4.20.0.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-10T14:36:27.380Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx", }, { name: "https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553", tags: [ "x_refsource_MISC", ], url: "https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553", }, ], source: { advisory: "GHSA-qw6h-vgh9-j6wx", discovery: "UNKNOWN", }, title: "express vulnerable to XSS via response.redirect()", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-43796", datePublished: "2024-09-10T14:36:27.380Z", dateReserved: "2024-08-16T14:20:37.325Z", dateUpdated: "2024-09-10T15:58:45.956Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-24999
Vulnerability from cvelistv5
Published
2022-11-26 00:00
Modified
2024-08-03 04:29
Severity ?
EPSS score ?
Summary
qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __ proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as a[__proto__]=b&a[__proto__]&a[length]=100000000. The fix was backported to qs 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, and 6.2.4 (and therefore Express 4.17.3, which has "deps: qs@6.9.7" in its release description, is not vulnerable).
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T04:29:01.569Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/expressjs/express/releases/tag/4.17.3", }, { tags: [ "x_transferred", ], url: "https://github.com/ljharb/qs/pull/428", }, { tags: [ "x_transferred", ], url: "https://github.com/n8tz/CVE-2022-24999", }, { name: "[debian-lts-announce] 20230130 [SECURITY] [DLA 3299-1] node-qs security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/01/msg00039.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20230908-0005/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __ proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as a[__proto__]=b&a[__proto__]&a[length]=100000000. The fix was backported to qs 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, and 6.2.4 (and therefore Express 4.17.3, which has \"deps: qs@6.9.7\" in its release description, is not vulnerable).", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-08T16:06:42.462757", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/expressjs/express/releases/tag/4.17.3", }, { url: "https://github.com/ljharb/qs/pull/428", }, { url: "https://github.com/n8tz/CVE-2022-24999", }, { name: "[debian-lts-announce] 20230130 [SECURITY] [DLA 3299-1] node-qs security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/01/msg00039.html", }, { url: "https://security.netapp.com/advisory/ntap-20230908-0005/", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-24999", datePublished: "2022-11-26T00:00:00", dateReserved: "2022-02-14T00:00:00", dateUpdated: "2024-08-03T04:29:01.569Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2024-09-10 15:15
Modified
2024-09-20 16:07
Severity ?
5.0 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
4.7 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
4.7 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Express.js minimalist web framework for node. In express < 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect() may execute untrusted code. This issue is patched in express 4.20.0.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:openjsf:express:*:*:*:*:*:node.js:*:*", matchCriteriaId: "490126A5-34FA-4D46-946F-8612A3E66AB1", versionEndExcluding: "4.20.0", vulnerable: true, }, { criteria: "cpe:2.3:a:openjsf:express:5.0.0:alpha1:*:*:*:node.js:*:*", matchCriteriaId: "50C7D4CD-B4D9-433E-B3FC-AB309FA31CCA", vulnerable: true, }, { criteria: "cpe:2.3:a:openjsf:express:5.0.0:alpha2:*:*:*:node.js:*:*", matchCriteriaId: "7DFB65DE-73BB-4BB5-84BA-67B187DD2DA9", vulnerable: true, }, { criteria: "cpe:2.3:a:openjsf:express:5.0.0:alpha3:*:*:*:node.js:*:*", matchCriteriaId: "B709D2E7-2D50-4A90-B000-0DEB55B80682", vulnerable: true, }, { criteria: "cpe:2.3:a:openjsf:express:5.0.0:alpha4:*:*:*:node.js:*:*", matchCriteriaId: "E388EA8E-03EF-41C9-98C6-68D96DAF92A8", vulnerable: true, }, { criteria: "cpe:2.3:a:openjsf:express:5.0.0:alpha5:*:*:*:node.js:*:*", matchCriteriaId: "A7D7FA44-E213-4931-A92B-2C46CA1F6EC5", vulnerable: true, }, { criteria: "cpe:2.3:a:openjsf:express:5.0.0:alpha6:*:*:*:node.js:*:*", matchCriteriaId: "EBFE2596-A7DE-455C-A59A-1B56ACA82D4F", vulnerable: true, }, { criteria: "cpe:2.3:a:openjsf:express:5.0.0:alpha7:*:*:*:node.js:*:*", matchCriteriaId: "F68E52F1-1A06-45D4-8593-3D5D7EC32330", vulnerable: true, }, { criteria: "cpe:2.3:a:openjsf:express:5.0.0:alpha8:*:*:*:node.js:*:*", matchCriteriaId: "0F5FEAD7-A1EB-4FB1-8B15-A717642961F0", vulnerable: true, }, { criteria: "cpe:2.3:a:openjsf:express:5.0.0:beta1:*:*:*:node.js:*:*", matchCriteriaId: "2CC3B849-8DAF-47E5-A4EB-E93394C7396A", vulnerable: true, }, { criteria: "cpe:2.3:a:openjsf:express:5.0.0:beta2:*:*:*:node.js:*:*", matchCriteriaId: "6058D4DD-DE9D-4AD9-87A0-22F81C33F81E", vulnerable: true, }, { criteria: "cpe:2.3:a:openjsf:express:5.0.0:beta3:*:*:*:node.js:*:*", matchCriteriaId: "9852C6CE-F282-4B7D-9690-57E57FAC8B37", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Express.js minimalist web framework for node. In express < 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect() may execute untrusted code. This issue is patched in express 4.20.0.", }, { lang: "es", value: "Express.js, el framework web minimalista para Node. En Express anterior a la versión 4.20.0, pasar una entrada de usuario no confiable (incluso después de desinfectarla) a response.redirect() puede ejecutar código no confiable. Este problema se solucionó en Express 4.20.0.", }, ], id: "CVE-2024-43796", lastModified: "2024-09-20T16:07:47.997", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 3.4, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.7, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-09-10T15:15:17.510", references: [ { source: "security-advisories@github.com", tags: [ "Patch", ], url: "https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553", }, { source: "security-advisories@github.com", tags: [ "Vendor Advisory", ], url: "https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "security-advisories@github.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-10-29 17:15
Modified
2024-11-06 23:08
Severity ?
4.0 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link header when unsanitized data is used.
The issue arises from improper sanitization in `Link` header values, which can allow a combination of characters like `,`, `;`, and `<>` to preload malicious resources.
This vulnerability is especially relevant for dynamic parameters.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| 36c7be3b-2937-45df-85ea-ca7133ea542c | https://www.herodevs.com/vulnerability-directory/cve-2024-10491 | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:openjsf:express:*:*:*:*:*:node.js:*:*", matchCriteriaId: "E54423CE-0344-49DB-9BAF-7DA1041AC966", versionEndIncluding: "3.21.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link header when unsanitized data is used.\n\nThe issue arises from improper sanitization in `Link` header values, which can allow a combination of characters like `,`, `;`, and `<>` to preload malicious resources.\n\nThis vulnerability is especially relevant for dynamic parameters.", }, { lang: "es", value: " Se ha identificado una vulnerabilidad en la función response.links de Express, que permite la inyección arbitraria de recursos en el encabezado Link cuando se utilizan datos no desinfectados. El problema surge de una desinfección incorrecta en los valores del encabezado `Link`, que puede permitir una combinación de caracteres como `,`, `;` y `<>` para precargar recursos maliciosos. Esta vulnerabilidad es especialmente relevante para los parámetros dinámicos.", }, ], id: "CVE-2024-10491", lastModified: "2024-11-06T23:08:49.780", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 1.4, source: "36c7be3b-2937-45df-85ea-ca7133ea542c", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-10-29T17:15:03.853", references: [ { source: "36c7be3b-2937-45df-85ea-ca7133ea542c", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.herodevs.com/vulnerability-directory/cve-2024-10491", }, ], sourceIdentifier: "36c7be3b-2937-45df-85ea-ca7133ea542c", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-74", }, ], source: "36c7be3b-2937-45df-85ea-ca7133ea542c", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-11-26 22:15
Modified
2024-11-21 06:51
Severity ?
Summary
qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __ proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as a[__proto__]=b&a[__proto__]&a[length]=100000000. The fix was backported to qs 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, and 6.2.4 (and therefore Express 4.17.3, which has "deps: qs@6.9.7" in its release description, is not vulnerable).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/expressjs/express/releases/tag/4.17.3 | Release Notes | |
| cve@mitre.org | https://github.com/ljharb/qs/pull/428 | Issue Tracking, Patch | |
| cve@mitre.org | https://github.com/n8tz/CVE-2022-24999 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2023/01/msg00039.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://security.netapp.com/advisory/ntap-20230908-0005/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/expressjs/express/releases/tag/4.17.3 | Release Notes | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/ljharb/qs/pull/428 | Issue Tracking, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/n8tz/CVE-2022-24999 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2023/01/msg00039.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20230908-0005/ |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| qs_project | qs | * | |
| qs_project | qs | * | |
| qs_project | qs | * | |
| qs_project | qs | * | |
| qs_project | qs | * | |
| qs_project | qs | * | |
| qs_project | qs | * | |
| qs_project | qs | 6.4.0 | |
| qs_project | qs | 6.6.0 | |
| openjsf | express | * | |
| debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:qs_project:qs:*:*:*:*:*:node.js:*:*", matchCriteriaId: "F7960844-79EB-454C-BD4C-C79387E2E573", versionEndExcluding: "6.2.4", vulnerable: true, }, { criteria: "cpe:2.3:a:qs_project:qs:*:*:*:*:*:node.js:*:*", matchCriteriaId: "B836471B-BF39-4B52-B837-70B494D2C45F", versionEndExcluding: "6.3.3", versionStartIncluding: "6.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:qs_project:qs:*:*:*:*:*:node.js:*:*", matchCriteriaId: "DF319EA6-E68F-41A8-BB21-FE30F6BD1A9C", versionEndExcluding: "6.5.3", versionStartIncluding: "6.5.0", vulnerable: true, }, { criteria: "cpe:2.3:a:qs_project:qs:*:*:*:*:*:node.js:*:*", matchCriteriaId: "E43C2419-E3F8-4123-8FA8-A0C1B4244D77", versionEndExcluding: "6.7.3", versionStartIncluding: "6.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:qs_project:qs:*:*:*:*:*:node.js:*:*", matchCriteriaId: "BB20DBEF-67E2-49FB-BB55-C86F7A83028F", versionEndExcluding: "6.8.3", versionStartIncluding: "6.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:qs_project:qs:*:*:*:*:*:node.js:*:*", matchCriteriaId: "49C25B47-56FD-43BF-9DA4-A6100DD291EE", versionEndExcluding: "6.9.7", versionStartIncluding: "6.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:qs_project:qs:*:*:*:*:*:node.js:*:*", matchCriteriaId: "750DDAB9-4454-4087-8DA1-D05280F59081", versionEndExcluding: "6.10.3", versionStartIncluding: "6.10.0", vulnerable: true, }, { criteria: "cpe:2.3:a:qs_project:qs:6.4.0:*:*:*:*:node.js:*:*", matchCriteriaId: "535F43BA-C0A4-441A-A13C-A221ED855613", vulnerable: true, }, { criteria: "cpe:2.3:a:qs_project:qs:6.6.0:*:*:*:*:node.js:*:*", matchCriteriaId: "870A2680-00C2-43D2-9C4B-D8F52DB16AA1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:openjsf:express:*:*:*:*:*:node.js:*:*", matchCriteriaId: "31382A93-AA97-4D14-ACF6-129F1BDDFD6D", versionEndExcluding: "4.17.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __ proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as a[__proto__]=b&a[__proto__]&a[length]=100000000. The fix was backported to qs 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, and 6.2.4 (and therefore Express 4.17.3, which has \"deps: qs@6.9.7\" in its release description, is not vulnerable).", }, { lang: "es", value: "qs anterior a 6.10.3, como se usa en Express anterior a 4.17.3 y otros productos, permite a los atacantes provocar que un proceso de Nodo se cuelgue para una aplicación Express porque se puede usar una clave __ proto__. En muchos casos de uso típicos de Express, un atacante remoto no autenticado puede colocar el payload del ataque en la cadena de consulta de la URL que se utiliza para visitar la aplicación, como a[__proto__]=b&a[__proto__]&a[length] =100000000. La solución se respaldó a qs 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3 y 6.2.4 (y por lo tanto a Express 4.17.3, que tiene \"deps : qs@6.9.7\" en la descripción de su versión, no es vulnerable).", }, ], id: "CVE-2022-24999", lastModified: "2024-11-21T06:51:31.643", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-11-26T22:15:10.153", references: [ { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://github.com/expressjs/express/releases/tag/4.17.3", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/ljharb/qs/pull/428", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/n8tz/CVE-2022-24999", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2023/01/msg00039.html", }, { source: "cve@mitre.org", url: "https://security.netapp.com/advisory/ntap-20230908-0005/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://github.com/expressjs/express/releases/tag/4.17.3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/ljharb/qs/pull/428", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/n8tz/CVE-2022-24999", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2023/01/msg00039.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20230908-0005/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-1321", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-08-09 18:29
Modified
2024-11-21 02:14
Severity ?
Summary
The Express web framework before 3.11 and 4.x before 4.5 for Node.js does not provide a charset field in HTTP Content-Type headers in 400 level responses, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via characters in a non-standard encoding.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=1203190 | Issue Tracking, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://nodesecurity.io/advisories/express-no-charset-in-content-type-header | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1203190 | Issue Tracking, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://nodesecurity.io/advisories/express-no-charset-in-content-type-header | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openjsf | express | * | |
| openjsf | express | 4.0.0 | |
| openjsf | express | 4.1.0 | |
| openjsf | express | 4.1.1 | |
| openjsf | express | 4.1.2 | |
| openjsf | express | 4.2.0 | |
| openjsf | express | 4.3.0 | |
| openjsf | express | 4.3.1 | |
| openjsf | express | 4.3.2 | |
| openjsf | express | 4.4.0 | |
| openjsf | express | 4.4.1 | |
| openjsf | express | 4.4.2 | |
| openjsf | express | 4.4.3 | |
| openjsf | express | 4.4.4 | |
| openjsf | express | 4.4.5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:openjsf:express:*:*:*:*:*:*:*:*", matchCriteriaId: "F3044B30-C7BD-4472-B79F-1B1CF6678B83", versionEndIncluding: "3.10.5", vulnerable: true, }, { criteria: "cpe:2.3:a:openjsf:express:4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "7048C98D-3862-4067-BBD9-FED2488EAAA9", vulnerable: true, }, { criteria: "cpe:2.3:a:openjsf:express:4.1.0:*:*:*:*:*:*:*", matchCriteriaId: "41978223-8371-41B6-A5AA-C270357ECE88", vulnerable: true, }, { criteria: "cpe:2.3:a:openjsf:express:4.1.1:*:*:*:*:*:*:*", matchCriteriaId: "1DC94FA3-2F6E-4C11-AFF9-EBE99661E3CE", vulnerable: true, }, { criteria: "cpe:2.3:a:openjsf:express:4.1.2:*:*:*:*:*:*:*", matchCriteriaId: "E3EE054C-7B48-46FC-B048-458A138718A5", vulnerable: true, }, { criteria: "cpe:2.3:a:openjsf:express:4.2.0:*:*:*:*:*:*:*", matchCriteriaId: "5CAF101E-20FC-40EC-9566-6274E24D668D", vulnerable: true, }, { criteria: "cpe:2.3:a:openjsf:express:4.3.0:*:*:*:*:*:*:*", matchCriteriaId: "1E93C3DE-988C-47D9-84BB-0579D83A05C8", vulnerable: true, }, { criteria: "cpe:2.3:a:openjsf:express:4.3.1:*:*:*:*:*:*:*", matchCriteriaId: "E80EDF16-E5CF-4B61-B041-54D2D33B2A13", vulnerable: true, }, { criteria: "cpe:2.3:a:openjsf:express:4.3.2:*:*:*:*:*:*:*", matchCriteriaId: "89706C45-EE55-4778-AE2A-53DCFFEC45D4", vulnerable: true, }, { criteria: "cpe:2.3:a:openjsf:express:4.4.0:*:*:*:*:*:*:*", matchCriteriaId: "C29C2745-5E28-42EE-AA8D-5EAB394AC813", vulnerable: true, }, { criteria: "cpe:2.3:a:openjsf:express:4.4.1:*:*:*:*:*:*:*", matchCriteriaId: "13FFEADC-67C9-4270-B832-696BF41ADE2F", vulnerable: true, }, { criteria: "cpe:2.3:a:openjsf:express:4.4.2:*:*:*:*:*:*:*", matchCriteriaId: "7F8DC1AA-D87C-4DC6-9735-56A78719E96A", vulnerable: true, }, { criteria: "cpe:2.3:a:openjsf:express:4.4.3:*:*:*:*:*:*:*", matchCriteriaId: "2B020CA0-739E-4404-A1D1-59B826F3DC3D", vulnerable: true, }, { criteria: "cpe:2.3:a:openjsf:express:4.4.4:*:*:*:*:*:*:*", matchCriteriaId: "080B58C4-1910-43C5-AAF6-2134416E9685", vulnerable: true, }, { criteria: "cpe:2.3:a:openjsf:express:4.4.5:*:*:*:*:*:*:*", matchCriteriaId: "F71DFB79-FD8C-4470-8B3B-8FA1E4FE2F41", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The Express web framework before 3.11 and 4.x before 4.5 for Node.js does not provide a charset field in HTTP Content-Type headers in 400 level responses, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via characters in a non-standard encoding.", }, { lang: "es", value: "El framework web Express en versiones anteriores a la 3.11 y en versiones 4.x anteriores a la 4.5 para Node.js no proporciona un campo charset en los encabezados HTTP Content-Type en respuestas de nivel 400. Esto permitiría que atacantes remotos llevasen a cabo ataques de tipo cross-site scripting (XSS) mediante caracteres en una codificación no estándar.", }, ], id: "CVE-2014-6393", lastModified: "2024-11-21T02:14:18.290", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-08-09T18:29:00.480", references: [ { source: "cve@mitre.org", tags: [ "Issue Tracking", "Third Party Advisory", "VDB Entry", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1203190", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://nodesecurity.io/advisories/express-no-charset-in-content-type-header", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", "VDB Entry", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1203190", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://nodesecurity.io/advisories/express-no-charset-in-content-type-header", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }