Bug 2311152 (CVE-2024-43796) - CVE-2024-43796 express: Improper Input Handling in Express Redirects
Summary: CVE-2024-43796 express: Improper Input Handling in Express Redirects
Keywords:
Status: NEW
Alias: CVE-2024-43796
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2311374 2311376 2311411 2311413 2311415 2311526 2311529 2290912 2311373 2311375 2311377 2311378 2311379 2311380 2311381 2311382 2311383 2311384 2311385 2311386 2311387 2311388 2311389 2311390 2311391 2311392 2311393 2311394 2311395 2311396 2311397 2311398 2311399 2311400 2311401 2311402 2311403 2311404 2311405 2311406 2311407 2311408 2311409 2311410 2311412 2311414 2311525 2311527 2311528 2311530 2311531 2311532 2311533 2311534 2311535 2311536
Blocks:
Reported: 2024-09-10 15:30 UTC by OSIDB Bzimport
Modified: 2025-05-22 00:14 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:




Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2024:10906 0 None None None 2024-12-10 01:37:54 UTC
Red Hat Product Errata RHSA-2024:11023 0 None None None 2024-12-12 20:00:51 UTC
Red Hat Product Errata RHSA-2024:7726 0 None None None 2024-10-07 09:25:09 UTC
Red Hat Product Errata RHSA-2024:8014 0 None None None 2024-10-22 01:06:39 UTC
Red Hat Product Errata RHSA-2024:8023 0 None None None 2024-10-14 01:00:38 UTC
Red Hat Product Errata RHSA-2024:8676 0 None None None 2024-10-30 14:34:14 UTC
Red Hat Product Errata RHSA-2025:0079 0 None None None 2025-01-08 10:04:17 UTC
Red Hat Product Errata RHSA-2025:0082 0 None None None 2025-01-08 11:31:44 UTC
Red Hat Product Errata RHSA-2025:0164 0 None None None 2025-01-09 11:28:30 UTC
Red Hat Product Errata RHSA-2025:0323 0 None None None 2025-01-15 01:19:54 UTC
Red Hat Product Errata RHSA-2025:0875 0 None None None 2025-02-05 10:49:04 UTC

Description OSIDB Bzimport 2024-09-10 15:30:52 UTC
Express.js is a minimalist web framework for Node. In express < 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect() may execute untrusted code. This issue is patched in express 4.20.0.
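
A defender-side check for the redirect call the description names, added here as an example; it is not code from the Express project or from this bug report. It keeps the value handed to `res.redirect()` on an allowlist of local paths, so that the raw request value never reaches the redirect, and flags installed express versions inside the range the description states (< 4.20.0). The `next` query parameter, the allowlisted paths and the placeholder origin are constructed for the example.

```javascript
// Added example (not from the Express project or this bug report): keep the
// value handed to res.redirect() on an allowlist of local paths, and flag
// installed express versions inside the range the description gives (< 4.20.0).

// Dummy base used only to resolve relative targets; it is never contacted.
const PLACEHOLDER_ORIGIN = "http://redirect-check.invalid";

// Constructed allowlist: exact local paths, or prefixes when ending in "/".
const ALLOWED_DESTINATIONS = ["/dashboard", "/account/"];

// Returns a validated local path for a user-supplied redirect target, or
// `fallback` when the input is absent, malformed, off-origin or not allowed.
function safeRedirectTarget(userInput, fallback = "/") {
  if (typeof userInput !== "string" || userInput.length === 0) return fallback;

  // Only a single-slash relative path is acceptable: "//host", "/\host" and
  // absolute URLs (or bare schemes such as javascript:) resolve elsewhere.
  if (!userInput.startsWith("/") || userInput.startsWith("//") || userInput.startsWith("/\\")) {
    return fallback;
  }

  // Raw control characters (including CR/LF) have no place in a Location value.
  if (/[\u0000-\u001f\u007f]/.test(userInput)) return fallback;

  let parsed;
  try {
    parsed = new URL(userInput, PLACEHOLDER_ORIGIN); // normalises "..", "%2e" etc.
  } catch {
    return fallback;
  }

  // After resolution the target must still sit on the placeholder origin.
  if (parsed.origin !== PLACEHOLDER_ORIGIN) return fallback;

  const path = parsed.pathname;
  const allowed = ALLOWED_DESTINATIONS.some((dest) =>
    dest.endsWith("/") ? path.startsWith(dest) : path === dest
  );
  return allowed ? path + parsed.search : fallback;
}

// Vulnerable range as stated in the description: express < 4.20.0.
// Returns true/false, or null when the version string cannot be parsed.
function isVulnerableExpressVersion(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(version));
  if (!m) return null;
  const [major, minor] = m.slice(1, 3).map(Number);
  if (major !== 4) return major < 4;
  return minor < 20;
}

// Express-style handler: the only value that reaches res.redirect() is the
// allowlisted path, never the raw `next` parameter (hypothetical name).
function afterLoginHandler(req, res) {
  res.redirect(safeRedirectTarget(req.query.next));
}

// Stand-alone driver with a stand-in for Express's response object; returns
// the Location the handler would have set for a given `next` value.
function demoRedirect(nextParam) {
  let location = null;
  const res = { redirect(target) { location = target; } };
  afterLoginHandler({ query: { next: nextParam } }, res);
  return location;
}

for (const next of ["/dashboard?tab=1", "//example.test/", "/account/../admin"]) {
  console.log(JSON.stringify(next), "->", demoRedirect(next));
}
console.log("express 4.19.2 vulnerable:", isVulnerableExpressVersion("4.19.2"));
```

The allowlist limits what a redirect can point at regardless of how the framework renders the Location; it is a mitigation layered on top of, not a substitute for, upgrading to express 4.20.0 as the description states.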

Comment 1 errata-xmlrpc 2024-10-07 09:24:59 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Service Mesh 2.6 for RHEL 8
  Red Hat OpenShift Service Mesh 2.6 for RHEL 9

Via RHSA-2024:7726 https://access.redhat.com/errata/RHSA-2024:7726

Comment 2 errata-xmlrpc 2024-10-14 01:00:29 UTC
This issue has been addressed in the following products:

  RHOSS-1.34-RHEL-8

Via RHSA-2024:8023 https://access.redhat.com/errata/RHSA-2024:8023

Comment 3 errata-xmlrpc 2024-10-22 01:06:31 UTC
This issue has been addressed in the following products:

  NETWORK-OBSERVABILITY-1.7.0-RHEL-9

Via RHSA-2024:8014 https://access.redhat.com/errata/RHSA-2024:8014

Comment 4 errata-xmlrpc 2024-10-30 14:34:05 UTC
This issue has been addressed in the following products:

  RHODF-4.17-RHEL-9

Via RHSA-2024:8676 https://access.redhat.com/errata/RHSA-2024:8676

Comment 5 errata-xmlrpc 2024-12-10 01:37:45 UTC
This issue has been addressed in the following products:

  Red Hat Migration Toolkit for Containers 1.8

Via RHSA-2024:10906 https://access.redhat.com/errata/RHSA-2024:10906

Comment 6 errata-xmlrpc 2024-12-12 20:00:42 UTC
This issue has been addressed in the following products:

  HawtIO 4.0.0 for Red Hat build of Apache Camel 4

Via RHSA-2024:11023 https://access.redhat.com/errata/RHSA-2024:11023

Comment 7 errata-xmlrpc 2025-01-08 10:04:07 UTC
This issue has been addressed in the following products:

  RHODF-4.17-RHEL-9

Via RHSA-2025:0079 https://access.redhat.com/errata/RHSA-2025:0079

Comment 8 errata-xmlrpc 2025-01-08 11:31:34 UTC
This issue has been addressed in the following products:

  RHODF-4.16-RHEL-9

Via RHSA-2025:0082 https://access.redhat.com/errata/RHSA-2025:0082

Comment 9 errata-xmlrpc 2025-01-09 11:28:20 UTC
This issue has been addressed in the following products:

  RHODF-4.15-RHEL-9

Via RHSA-2025:0164 https://access.redhat.com/errata/RHSA-2025:0164

Comment 10 errata-xmlrpc 2025-01-15 01:19:44 UTC
This issue has been addressed in the following products:

  RHODF-4.14-RHEL-9

Via RHSA-2025:0323 https://access.redhat.com/errata/RHSA-2025:0323

Comment 12 errata-xmlrpc 2025-02-05 10:48:55 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.17

Via RHSA-2025:0875 https://access.redhat.com/errata/RHSA-2025:0875

