Bug 2311152 (CVE-2024-43796)

Summary: CVE-2024-43796 express: Improper Input Handling in Express Redirects
Product: [Other] Security Response
Reporter: OSIDB Bzimport <bzimport>
Component: vulnerability
Assignee: Product Security DevOps Team <prodsec-dev>
Status: NEW ---
QA Contact:
Severity: medium
Docs Contact:
Priority: medium
Version: unspecified
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in Express. This vulnerability allows untrusted code execution via passing untrusted user input to response.redirect(), even if the input is sanitized.
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 2311374, 2311376, 2311411, 2311413, 2311415, 2311526, 2311529, 2290912, 2311373, 2311375, 2311377, 2311378, 2311379, 2311380, 2311381, 2311382, 2311383, 2311384, 2311385, 2311386, 2311387, 2311388, 2311389, 2311390, 2311391, 2311392, 2311393, 2311394, 2311395, 2311396, 2311397, 2311398, 2311399, 2311400, 2311401, 2311402, 2311403, 2311404, 2311405, 2311406, 2311407, 2311408, 2311409, 2311410, 2311412, 2311414, 2311525, 2311527, 2311528, 2311530, 2311531, 2311532, 2311533, 2311534, 2311535, 2311536
Bug Blocks:

Description OSIDB Bzimport 2024-09-10 15:30:52 UTC
Express.js is a minimalist web framework for Node. In express < 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect() may execute untrusted code. This issue is patched in express 4.20.0.
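
As an added example (not from this bug report or from the Express project), a defender-side pattern that sidesteps the issue regardless of the Express version in use: the handler never forwards the raw query value to res.redirect(); it resolves the candidate against the application's own origin and accepts only a same-origin path that it re-serialises itself. SITE_ORIGIN, FALLBACK and safeRedirectTarget are assumed names.

```javascript
// Added example, not code from the bug report or from Express itself.
// Mitigation pattern for CVE-2024-43796: never hand raw user input to
// res.redirect(). Resolve the candidate against the site's own origin and
// accept only a same-origin path; anything else falls back to a fixed route.
// SITE_ORIGIN, FALLBACK and safeRedirectTarget are assumed names.
const SITE_ORIGIN = "https://app.example"; // constructed sample origin
const FALLBACK = "/";

function safeRedirectTarget(candidate) {
  if (typeof candidate !== "string" || candidate.length === 0) return FALLBACK;
  // Control characters and whitespace never belong in an in-app path and are
  // the usual carriers for header or body injection, so reject them outright.
  if (/[\u0000-\u001f\u007f\s]/.test(candidate)) return FALLBACK;
  let url;
  try {
    // The WHATWG parser normalises "//host", "\\host", "scheme:" forms for us.
    url = new URL(candidate, SITE_ORIGIN);
  } catch {
    return FALLBACK;
  }
  if (url.origin !== SITE_ORIGIN) return FALLBACK; // off-site or scheme change
  if (!url.pathname.startsWith("/")) return FALLBACK;
  // Re-serialise from parsed components: the returned value is a path (+query)
  // built by us, with characters such as < and > percent-encoded, never the
  // caller's original bytes.
  return url.pathname + url.search;
}

// Usage in an Express handler (express is not needed to run this file):
//   app.get("/login", (req, res) =>
//     res.redirect(safeRedirectTarget(req.query.next)));
```

The fallback route is deliberately a constant so that a rejected value is logged by the caller, not silently "fixed up" into another redirect.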

Comment 1 errata-xmlrpc 2024-10-07 09:24:59 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Service Mesh 2.6 for RHEL 8
  Red Hat OpenShift Service Mesh 2.6 for RHEL 9

Via RHSA-2024:7726 https://access.redhat.com/errata/RHSA-2024:7726

Comment 2 errata-xmlrpc 2024-10-14 01:00:29 UTC
This issue has been addressed in the following products:

  RHOSS-1.34-RHEL-8

Via RHSA-2024:8023 https://access.redhat.com/errata/RHSA-2024:8023

Comment 3 errata-xmlrpc 2024-10-22 01:06:31 UTC
This issue has been addressed in the following products:

  NETWORK-OBSERVABILITY-1.7.0-RHEL-9

Via RHSA-2024:8014 https://access.redhat.com/errata/RHSA-2024:8014

Comment 4 errata-xmlrpc 2024-10-30 14:34:05 UTC
This issue has been addressed in the following products:

  RHODF-4.17-RHEL-9

Via RHSA-2024:8676 https://access.redhat.com/errata/RHSA-2024:8676

Comment 5 errata-xmlrpc 2024-12-10 01:37:45 UTC
This issue has been addressed in the following products:

  Red Hat Migration Toolkit for Containers 1.8

Via RHSA-2024:10906 https://access.redhat.com/errata/RHSA-2024:10906

Comment 6 errata-xmlrpc 2024-12-12 20:00:42 UTC
This issue has been addressed in the following products:

  HawtIO 4.0.0 for Red Hat build of Apache Camel 4

Via RHSA-2024:11023 https://access.redhat.com/errata/RHSA-2024:11023

Comment 7 errata-xmlrpc 2025-01-08 10:04:07 UTC
This issue has been addressed in the following products:

  RHODF-4.17-RHEL-9

Via RHSA-2025:0079 https://access.redhat.com/errata/RHSA-2025:0079

Comment 8 errata-xmlrpc 2025-01-08 11:31:34 UTC
This issue has been addressed in the following products:

  RHODF-4.16-RHEL-9

Via RHSA-2025:0082 https://access.redhat.com/errata/RHSA-2025:0082

Comment 9 errata-xmlrpc 2025-01-09 11:28:20 UTC
This issue has been addressed in the following products:

  RHODF-4.15-RHEL-9

Via RHSA-2025:0164 https://access.redhat.com/errata/RHSA-2025:0164

Comment 10 errata-xmlrpc 2025-01-15 01:19:44 UTC
This issue has been addressed in the following products:

  RHODF-4.14-RHEL-9

Via RHSA-2025:0323 https://access.redhat.com/errata/RHSA-2025:0323

Comment 12 errata-xmlrpc 2025-02-05 10:48:55 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.17

Via RHSA-2025:0875 https://access.redhat.com/errata/RHSA-2025:0875