Bug 2316353 (CVE-2024-9266) - CVE-2024-9266 express: URL redirection vulnerability
Summary: CVE-2024-9266 express: URL redirection vulnerability
Keywords:
Status: NEW
Alias: CVE-2024-9266
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2024-10-03 19:20 UTC by OSIDB Bzimport
Modified: 2024-10-15 06:43 UTC (History)
190 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the Express package for Node.js. Certain versions are vulnerable to an open redirect attack, a URL redirection to an untrusted site, via the Express 3 Response object. This flaw may allow a user to be redirected to an untrusted page containing malware, which may compromise the user's machine.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2024-10-03 19:20:31 UTC 
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Express. This vulnerability affects the use of the Express Response object. This issue impacts Express: from 3.4.5 before 4.0.0.
Note You need to log in before you can comment on or make changes to this bug.