CVE-2024-43800: serve-static vulnerable to template injection that can lead to XSS
Passing untrusted user input - even after sanitizing it - to redirect() may execute untrusted code.
References
- github.com/advisories/GHSA-cm22-4g7w-348p
- github.com/expressjs/serve-static
- github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b
- github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa
- github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p
- nvd.nist.gov/vuln/detail/CVE-2024-43800