| CVE-2014-6393 |
medium |
6.1 |
6.1 |
|
|
|
9y ago |
The Express web framework before 3.11 and 4.x before 4.5 for Node.js does not provide a charset field in HTTP Content-Type headers in 400 level responses, which might allow remote attackers to conduc… |
| CVE-2024-51999 |
unknown |
— |
— |
|
|
|
6mo ago |
Withdrawn Advisory: express improperly controls modification of query properties |
| CVE-2024-10491 |
unknown |
— |
— |
|
|
|
2y ago |
A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link header when unsanitized data is used. The issue arises from improper… |
| CVE-2024-9266 |
unknown |
— |
— |
|
|
|
2y ago |
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Express. This vulnerability affects the use of the Express Response object. This issue impacts Express: from 3.4.5 before 4.0.0. |
| CVE-2024-43796 |
unknown |
— |
— |
|
|
|
2y ago |
Express.js minimalist web framework for node. In express < 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect() may execute untrusted code. This issue is patched i… |
| CVE-2024-29041 |
unknown |
— |
— |
|
|
|
2y ago |
Express.js minimalist web framework for node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed … |
