Base Score

MEDIUM4.7

CVE-2024-9266

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Express. This vulnerability affects the use of the Express Response object. This issue impacts Express: from 3.4.5 before 4.0.0.

VectorNETWORK

Published By36c7be3b-2937-45df-85ea-ca7133ea542c

Published DateOct 03, 2024, 19:15

Affected Versions(1)

express(npm)

Introduced3.4.5

Fixed4.0.0-rc1

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
express(npm)	3.4.5	4.0.0-rc1	N/A

Weakness Type (CWE):CWE-601

CVSS Metrics

Base Score

4.7

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

CHANGED

Confidentiality (C)

LOW

Integrity (I)

NONE

Availability (A)

NONE

References

https://www.herodevs.com/vulnerability-directory/cve-2024-9266

Base Score

MEDIUM4.7

Weakness Type (CWE):CWE-601

CVSS Metrics

Base Score

4.7

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

CHANGED

Confidentiality (C)

LOW

Integrity (I)

NONE

Availability (A)

NONE