{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-24T15:13:32.951","vulnerabilities":[{"cve":{"id":"CVE-2024-43796","sourceIdentifier":"security-advisories@github.com","published":"2024-09-10T15:15:17.510","lastModified":"2024-09-20T16:07:47.997","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Express.js minimalist web framework for node. In express < 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect() may execute untrusted code. This issue is patched in express 4.20.0."},{"lang":"es","value":"Express.js, el framework web minimalista para Node. En Express anterior a la versión 4.20.0, pasar una entrada de usuario no confiable (incluso después de desinfectarla) a response.redirect() puede ejecutar código no confiable. Este problema se solucionó en Express 4.20.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L","baseScore":5.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.6,"impactScore":3.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openjsf:express:*:*:*:*:*:node.js:*:*","versionEndExcluding":"4.20.0","matchCriteriaId":"490126A5-34FA-4D46-946F-8612A3E66AB1"},{"vulnerable":true,"criteria":"cpe:2.3:a:openjsf:express:5.0.0:alpha1:*:*:*:node.js:*:*","matchCriteriaId":"50C7D4CD-B4D9-433E-B3FC-AB309FA31CCA"},{"vulnerable":true,"criteria":"cpe:2.3:a:openjsf:express:5.0.0:alpha2:*:*:*:node.js:*:*","matchCriteriaId":"7DFB65DE-73BB-4BB5-84BA-67B187DD2DA9"},{"vulnerable":true,"criteria":"cpe:2.3:a:openjsf:express:5.0.0:alpha3:*:*:*:node.js:*:*","matchCriteriaId":"B709D2E7-2D50-4A90-B000-0DEB55B80682"},{"vulnerable":true,"criteria":"cpe:2.3:a:openjsf:express:5.0.0:alpha4:*:*:*:node.js:*:*","matchCriteriaId":"E388EA8E-03EF-41C9-98C6-68D96DAF92A8"},{"vulnerable":true,"criteria":"cpe:2.3:a:openjsf:express:5.0.0:alpha5:*:*:*:node.js:*:*","matchCriteriaId":"A7D7FA44-E213-4931-A92B-2C46CA1F6EC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:openjsf:express:5.0.0:alpha6:*:*:*:node.js:*:*","matchCriteriaId":"EBFE2596-A7DE-455C-A59A-1B56ACA82D4F"},{"vulnerable":true,"criteria":"cpe:2.3:a:openjsf:express:5.0.0:alpha7:*:*:*:node.js:*:*","matchCriteriaId":"F68E52F1-1A06-45D4-8593-3D5D7EC32330"},{"vulnerable":true,"criteria":"cpe:2.3:a:openjsf:express:5.0.0:alpha8:*:*:*:node.js:*:*","matchCriteriaId":"0F5FEAD7-A1EB-4FB1-8B15-A717642961F0"},{"vulnerable":true,"criteria":"cpe:2.3:a:openjsf:express:5.0.0:beta1:*:*:*:node.js:*:*","matchCriteriaId":"2CC3B849-8DAF-47E5-A4EB-E93394C7396A"},{"vulnerable":true,"criteria":"cpe:2.3:a:openjsf:express:5.0.0:beta2:*:*:*:node.js:*:*","matchCriteriaId":"6058D4DD-DE9D-4AD9-87A0-22F81C33F81E"},{"vulnerable":true,"criteria":"cpe:2.3:a:openjsf:express:5.0.0:beta3:*:*:*:node.js:*:*","matchCriteriaId":"9852C6CE-F282-4B7D-9690-57E57FAC8B37"}]}]}],"references":[{"url":"https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}