CVE-2024-10491
CVE-2024-10491
Título es
CVE-2024-10491
Mar, 29/10/2024 – 17:15
Tipo
CWE-74
Gravedad 2.0 Txt
Pendiente de análisis
Título en
CVE-2024-10491
Descripción en
A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link header when unsanitized data is used.
The issue arises from improper sanitization in `Link` header values, which can allow a combination of characters like `,`, `;`, and « to preload malicious resources.
This vulnerability is especially relevant for dynamic parameters.
29/10/2024
29/10/2024
Vector CVSS:3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
Gravedad 3.1 (CVSS 3.1 Base Score)
4.00
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
MEDIUM
Enviar en el boletín
Off
