CVE-2024-43800

Published: 2024-09-10T15:15Z

Last Modified: 2024-09-20T17:36Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

serve-static serves static files. serve-static passes untrusted user input - even after sanitizing it - to redirect() may execute untrusted code. This issue is patched in serve-static 1.16.0. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt