Openjsf Express
5 CVEs affecting Openjsf Express. Latest disclosed: 2024-10-29. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-24999 | High | 7.5 | 2022-11-26 | qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __ p… |
CVE-2024-29041 | Medium | 6.1 | 2024-03-25 | Express.js minimalist web framework for node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open… |
CVE-2014-6393 | Medium | 6.1 | 2017-08-09 | The Express web framework before 3.11 and 4.x before 4.5 for Node.js does not provide a charset field in HTTP Content-Type headers in 400 level responses, whic… |
CVE-2024-43796 | Medium | 5.0 | 2024-09-10 | Express.js minimalist web framework for node. In express < 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect() may execute… |
CVE-2024-10491 | Medium | 4.0 | 2024-10-29 | A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link header when unsanitized data… |