CVE-2024-43796

Published: 2024-09-10T15:15Z

Last Modified: 2024-09-20T16:07Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

Express.js minimalist web framework for node. In express < 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect() may execute untrusted code. This issue is patched in express 4.20.0. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt