Vulnerability CVE-2024-43796


Published: 2024-09-10

Description:
Express.js minimalist web framework for node. In express < 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect() may execute untrusted code. This issue is patched in express 4.20.0.

Type:

CWE-79

(Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

 References:
https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx
https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553

Copyright 2026, cxsecurity.com

 

Back to Top