Bug 2311154 (CVE-2024-43800) - CVE-2024-43800 serve-static: Improper Sanitization in serve-static
Summary: CVE-2024-43800 serve-static: Improper Sanitization in serve-static
Keywords:
Status: NEW
Alias: CVE-2024-43800
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2311498 2311499 2311502 2311510 2311522 2311480 2311481 2311482 2311483 2311484 2311485 2311486 2311487 2311488 2311489 2311490 2311491 2311492 2311493 2311494 2311495 2311496 2311500 2311501 2311503 2311504 2311505 2311506 2311507 2311508 2311509 2311511 2311512 2311513 2311514 2311515 2311516 2311517 2311518 2311519 2311520 2311521
Blocks:
Reported: 2024-09-10 15:30 UTC by OSIDB Bzimport
Modified: 2025-06-17 08:29 UTC (History)
CC List: 152 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:




Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2024:10906 0 None None None 2024-12-10 01:37:40 UTC
Red Hat Product Errata RHSA-2024:11023 0 None None None 2024-12-12 20:01:05 UTC
Red Hat Product Errata RHSA-2024:7724 0 None None None 2024-10-07 09:22:52 UTC
Red Hat Product Errata RHSA-2024:7725 0 None None None 2024-10-07 09:26:03 UTC
Red Hat Product Errata RHSA-2024:7726 0 None None None 2024-10-07 09:25:20 UTC
Red Hat Product Errata RHSA-2024:8014 0 None None None 2024-10-22 01:06:59 UTC
Red Hat Product Errata RHSA-2024:8023 0 None None None 2024-10-14 01:00:45 UTC
Red Hat Product Errata RHSA-2024:8676 0 None None None 2024-10-30 14:34:16 UTC
Red Hat Product Errata RHSA-2025:0079 0 None None None 2025-01-08 10:04:16 UTC
Red Hat Product Errata RHSA-2025:0082 0 None None None 2025-01-08 11:32:00 UTC
Red Hat Product Errata RHSA-2025:0164 0 None None None 2025-01-09 11:28:44 UTC
Red Hat Product Errata RHSA-2025:0323 0 None None None 2025-01-15 01:19:50 UTC
Red Hat Product Errata RHSA-2025:0875 0 None None None 2025-02-05 10:49:25 UTC

Description OSIDB Bzimport 2024-09-10 15:30:58 UTC
serve-static serves static files. serve-static passes untrusted user input, even after sanitizing it, to redirect(), which may execute untrusted code. This issue is patched in serve-static 1.16.0.
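
The description above names the fixed release, and the next thing a practitioner needs is to know which copies of serve-static in a dependency tree are still below it, including transitive copies nested under another package that a top-level upgrade does not touch. The script below is an added example, not part of this Bugzilla report and not code from the serve-static project: it scans a parsed package-lock.json (lockfile v1 nested tree or v2/v3 path map) for affected serve-static versions. The 1.x boundary (1.16.0) is the one stated in the description; the 2.x boundary (2.0.0 up to, but not including, 2.1.0) is taken from the upstream GitHub advisory for serve-static, not from this page. The embedded sample lockfile is constructed for the demonstration, and the function and variable names are the example's own.

```javascript
// Added example, not part of the Bugzilla report or of serve-static itself:
// find serve-static installs in a package-lock.json that fall inside an
// affected version range. Handles lockfileVersion 1 (nested "dependencies")
// and lockfileVersion 2/3 ("packages" keyed by node_modules path), so nested
// copies such as node_modules/express/node_modules/serve-static are found.

// Affected ranges: [introduced, fixed). The 1.x fix (1.16.0) is the one named
// in the description above; the 2.x range is from the upstream GitHub
// advisory for serve-static, not from this page.
const AFFECTED_RANGES = [
  { introduced: '0.0.0', fixed: '1.16.0' },
  { introduced: '2.0.0', fixed: '2.1.0' },
];

// Compare two dotted numeric versions; a leading "v" is dropped and any
// pre-release suffix (e.g. "-beta.1") is ignored. Returns -1, 0 or 1.
function compareSemver(a, b) {
  const parse = (v) => v.replace(/^v/, '').split('-')[0].split('.').map(Number);
  const pa = parse(a);
  const pb = parse(b);
  for (let i = 0; i < 3; i++) {
    const x = pa[i] || 0;
    const y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

function isVulnerableServeStatic(version) {
  return AFFECTED_RANGES.some(
    (r) => compareSemver(version, r.introduced) >= 0 && compareSemver(version, r.fixed) < 0
  );
}

// Walk a parsed package-lock.json and return [{ path, version }] for every
// serve-static copy in an affected range.
function findVulnerableServeStatic(lock) {
  const hits = [];
  if (lock.packages) {
    // lockfileVersion 2 or 3: keys are install paths, "" is the root project.
    for (const [p, meta] of Object.entries(lock.packages)) {
      if (p.endsWith('node_modules/serve-static') && meta.version && isVulnerableServeStatic(meta.version)) {
        hits.push({ path: p, version: meta.version });
      }
    }
  } else if (lock.dependencies) {
    // lockfileVersion 1: nested tree, each entry may carry its own "dependencies".
    const walk = (deps, prefix) => {
      for (const [name, meta] of Object.entries(deps)) {
        const p = `${prefix}node_modules/${name}`;
        if (name === 'serve-static' && meta.version && isVulnerableServeStatic(meta.version)) {
          hits.push({ path: p, version: meta.version });
        }
        if (meta.dependencies) walk(meta.dependencies, p + '/');
      }
    };
    walk(lock.dependencies, '');
  }
  return hits;
}

// Constructed sample lockfile (not a real project): the top-level copy is
// patched, but express carries its own older copy and a third package pins
// the unpatched 2.0.0 release.
const SAMPLE_LOCK = {
  name: 'demo-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', dependencies: { express: '^4.19.2', 'serve-static': '^1.16.2' } },
    'node_modules/serve-static': { version: '1.16.2' },
    'node_modules/express': { version: '4.19.2', dependencies: { 'serve-static': '1.15.0' } },
    'node_modules/express/node_modules/serve-static': { version: '1.15.0' },
    'node_modules/legacy-tool/node_modules/serve-static': { version: '2.0.0' },
  },
};

// CLI entry: `node <script> package-lock.json`; with no argument the
// constructed sample is scanned. Guarded so the functions can also be
// imported from another module.
if (typeof require !== 'undefined' && require.main === module) {
  const fs = require('fs');
  const lock = process.argv[2] ? JSON.parse(fs.readFileSync(process.argv[2], 'utf8')) : SAMPLE_LOCK;
  const hits = findVulnerableServeStatic(lock);
  for (const h of hits) console.log(`affected: ${h.path} (serve-static ${h.version})`);
  if (hits.length === 0) console.log('no affected serve-static versions found');
}
```

Scan the lockfile rather than package.json: a caret range in package.json says nothing about which version each nested copy under node_modules/<pkg>/node_modules actually resolved to, and those nested copies are the ones a plain top-level upgrade leaves behind. On the constructed sample the script reports the 1.15.0 copy under express and the 2.0.0 copy under legacy-tool, and not the patched top-level 1.16.2.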

Comment 1 errata-xmlrpc 2024-10-07 09:22:45 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Service Mesh 2.4 for RHEL 8

Via RHSA-2024:7724 https://access.redhat.com/errata/RHSA-2024:7724

Comment 2 errata-xmlrpc 2024-10-07 09:25:13 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Service Mesh 2.6 for RHEL 8
  Red Hat OpenShift Service Mesh 2.6 for RHEL 9

Via RHSA-2024:7726 https://access.redhat.com/errata/RHSA-2024:7726

Comment 3 errata-xmlrpc 2024-10-07 09:25:55 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Service Mesh 2.5 for RHEL 8

Via RHSA-2024:7725 https://access.redhat.com/errata/RHSA-2024:7725

Comment 4 errata-xmlrpc 2024-10-14 01:00:38 UTC
This issue has been addressed in the following products:

  RHOSS-1.34-RHEL-8

Via RHSA-2024:8023 https://access.redhat.com/errata/RHSA-2024:8023

Comment 5 errata-xmlrpc 2024-10-22 01:06:51 UTC
This issue has been addressed in the following products:

  NETWORK-OBSERVABILITY-1.7.0-RHEL-9

Via RHSA-2024:8014 https://access.redhat.com/errata/RHSA-2024:8014

Comment 6 errata-xmlrpc 2024-10-30 14:34:07 UTC
This issue has been addressed in the following products:

  RHODF-4.17-RHEL-9

Via RHSA-2024:8676 https://access.redhat.com/errata/RHSA-2024:8676

Comment 7 errata-xmlrpc 2024-12-10 01:37:31 UTC
This issue has been addressed in the following products:

  Red Hat Migration Toolkit for Containers 1.8

Via RHSA-2024:10906 https://access.redhat.com/errata/RHSA-2024:10906

Comment 8 errata-xmlrpc 2024-12-12 20:00:56 UTC
This issue has been addressed in the following products:

  HawtIO 4.0.0 for Red Hat build of Apache Camel 4

Via RHSA-2024:11023 https://access.redhat.com/errata/RHSA-2024:11023

Comment 9 errata-xmlrpc 2025-01-08 10:04:08 UTC
This issue has been addressed in the following products:

  RHODF-4.17-RHEL-9

Via RHSA-2025:0079 https://access.redhat.com/errata/RHSA-2025:0079

Comment 10 errata-xmlrpc 2025-01-08 11:31:51 UTC
This issue has been addressed in the following products:

  RHODF-4.16-RHEL-9

Via RHSA-2025:0082 https://access.redhat.com/errata/RHSA-2025:0082

Comment 11 errata-xmlrpc 2025-01-09 11:28:35 UTC
This issue has been addressed in the following products:

  RHODF-4.15-RHEL-9

Via RHSA-2025:0164 https://access.redhat.com/errata/RHSA-2025:0164

Comment 12 errata-xmlrpc 2025-01-15 01:19:42 UTC
This issue has been addressed in the following products:

  RHODF-4.14-RHEL-9

Via RHSA-2025:0323 https://access.redhat.com/errata/RHSA-2025:0323

Comment 14 errata-xmlrpc 2025-02-05 10:49:16 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.17

Via RHSA-2025:0875 https://access.redhat.com/errata/RHSA-2025:0875
