CVE-2024-9266: Express Open Redirect vulnerability

October 3, 2024 (updated October 9, 2024)

URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in Express. This vulnerability affects the use of the Express Response object. This issue impacts Express: from 3.4.5 before 4.0.0-rc1.

References

github.com/advisories/GHSA-jj78-5fmv-mv28
github.com/expressjs/express
github.com/expressjs/express/compare/3.4.4...3.4.5
nvd.nist.gov/vuln/detail/CVE-2024-9266
www.herodevs.com/vulnerability-directory/cve-2024-9266

Code Behaviors & Features

Detect and mitigate CVE-2024-9266 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →