CVE-2024-9266

Name: CVE-2024-9266
Description: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Express. This vulnerability affects the use of the Express Response object. This issue impacts Express: from 3.4.5 before 4.0.0.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

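| Source Package | Release | Version | Status |
|---|---|---|---|
| node-express (PTS) | jessie, stretch | 4.1.1~dfsg-1 | fixed |
| node-express | buster | 4.16.4-1 | fixed |
| node-express | bullseye | 4.17.1-3 | fixed |
| node-express | bookworm | 4.18.2+~4.17.14-1 | fixed |
| node-express | sid, trixie | 4.21.0+~cs8.36.26-2 | fixed |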

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| node-express | source | (unstable) | (not affected) | | | |

Notes

- node-express <not-affected> (Vulnerable version never uploaded to the archive)
https://www.herodevs.com/vulnerability-directory/cve-2024-9266
