CVE-2024-43800

Published September 10th, 2024

View on NVD ↗

CVSS v3

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

serve-static serves static files. serve-static passes untrusted user input - even after sanitizing it - to redirect() may execute untrusted code. This issue is patched in serve-static 1.16.0.

expressjs/serve-static

Serve static files

GitHub

1.42K