CVE-2024-10491

CVSS V2 None CVSS V3 None
Description
A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link header when unsanitized data is used. The issue arises from improper sanitization in `Link` header values, which can allow a combination of characters like `,`, `;`, and `<>` to preload malicious resources. This vulnerability is especially relevant for dynamic parameters.
Overview
  • CVE ID
  • CVE-2024-10491
  • Assigner
  • HeroDevs
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-10-29T16:23:21.219Z
  • Last Modified Date
  • 2024-10-29T19:44:30.890Z
References
History
Created Old Value New Value Data Type Notes
2024-10-30 13:25:51 Added to TrackCVE