CVE-2024-10491 - Vulnerability Details

Vendors	Products
Expressjs	Express
Openjsf	Express

Link	Providers
https://nvd.nist.gov/vuln/detail/CVE-2024-10491
https://www.cve.org/CVERecord?id=CVE-2024-10491
https://www.herodevs.com/vulnerability-directory/cve-2024-10491

Type	Values Removed	Values Added
First Time appeared		Openjsf Openjsf express
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:a:openjsf:express::::::node.js::*
Vendors & Products		Openjsf Openjsf express

Type	Values Removed	Values Added
References		https://nvd.nist.gov/vuln/detail/CVE-2024-10491 https://www.cve.org/CVERecord?id=CVE-2024-10491
Metrics	threat_severity `None`	threat_severity `Moderate`

Type	Values Removed	Values Added
First Time appeared		Expressjs Expressjs express
CPEs		cpe:2.3:a:expressjs:express::::::::
Vendors & Products		Expressjs Expressjs express
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Type	Values Removed	Values Added
Description		A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link header when unsanitized data is used. The issue arises from improper sanitization in `Link` header values, which can allow a combination of characters like `,`, `;`, and `<>` to preload malicious resources. This vulnerability is especially relevant for dynamic parameters.
Title		Preload arbitrary resources by injecting additional `Link` headers
Weaknesses		CWE-74
References		https://www.herodevs.com/vulnerability-directory/cve-2024-10491
Metrics		cvssV3_1 `{'score': 4, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N'}`

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-10491", "assignerOrgId": "36c7be3b-2937-45df-85ea-ca7133ea542c", "state": "PUBLISHED", "assignerShortName": "HeroDevs", "dateReserved": "2024-10-29T11:53:00.416Z", "datePublished": "2024-10-29T16:23:21.219Z", "dateUpdated": "2024-10-29T19:44:30.890Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://www.npmjs.com/package/express", "defaultStatus": "unaffected", "packageName": "express", "product": "express", "repo": "https://github.com/expressjs/express", "vendor": "express", "versions": [{"lessThanOrEqual": "3.21.2", "status": "affected", "version": "3.0.0-alpha1", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "abze"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>A vulnerability has been identified in the Express <em>response.links</em>&nbsp;function, allowing for arbitrary resource injection in the <em>Link</em>&nbsp;header when unsanitized data is used.</p><p>The issue arises from improper sanitization in `Link` header values, which can allow a combination of characters like `,`, `;`, and `&lt;&gt;` to preload malicious resources.</p><p>This vulnerability is especially relevant for dynamic parameters.</p><br>"}], "value": "A vulnerability has been identified in the Express response.links\u00a0function, allowing for arbitrary resource injection in the Link\u00a0header when unsanitized data is used.\n\nThe issue arises from improper sanitization in `Link` header values, which can allow a combination of characters like `,`, `;`, and `<>` to preload malicious resources.\n\nThis vulnerability is especially relevant for dynamic parameters."}], "impacts": [{"capecId": "CAPEC-240", "descriptions": [{"lang": "en", "value": "CAPEC-240 Resource Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-74", "description": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "36c7be3b-2937-45df-85ea-ca7133ea542c", "shortName": "HeroDevs", "dateUpdated": "2024-10-29T16:26:16.251Z"}, "references": [{"url": "https://www.herodevs.com/vulnerability-directory/cve-2024-10491"}], "source": {"discovery": "UNKNOWN"}, "title": "Preload arbitrary resources by injecting additional `Link` headers", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "expressjs", "product": "express", "cpes": ["cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "3.0.0-alpha1", "status": "affected", "lessThanOrEqual": "3.21.2", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-29T19:42:55.922371Z", "id": "CVE-2024-10491", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-29T19:44:30.890Z"}}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

cveId : CVE-2024-10491 (string)

assignerOrgId : 36c7be3b-2937-45df-85ea-ca7133ea542c (string)

state : PUBLISHED (string)

assignerShortName : HeroDevs (string)

dateReserved : 2024-10-29T11:53:00.416Z (string)

datePublished : 2024-10-29T16:23:21.219Z (string)

dateUpdated : 2024-10-29T19:44:30.890Z (string)

}

containers : { »

cna : { »

affected : [ »

0 : { »

collectionURL : https://www.npmjs.com/package/express (string)

defaultStatus : unaffected (string)

packageName : express (string)

product : express (string)

repo : https://github.com/expressjs/express (string)

vendor : express (string)

versions : [ »

0 : { »

lessThanOrEqual : 3.21.2 (string)

status : affected (string)

version : 3.0.0-alpha1 (string)

versionType : semver (string)

}

]

}

]

credits : [ »

0 : { »

lang : en (string)

type : finder (string)

value : abze (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

supportingMedia : [ »

0 : { »

base64 : false (boolean)

type : text/html (string)

value : A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link header when unsanitized data is used.The issue arises from improper sanitization in `Link` header values, which can allow a combination of characters like `,`, `;`, and `<>` to preload malicious resources.This vulnerability is especially relevant for dynamic parameters. (string)

}

]

value : A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link header when unsanitized data is used. The issue arises from improper sanitization in `Link` header values, which can allow a combination of characters like `,`, `;`, and `<>` to preload malicious resources. This vulnerability is especially relevant for dynamic parameters. (string)

}

]

impacts : [ »

0 : { »

capecId : CAPEC-240 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : CAPEC-240 Resource Injection (string)

}

]

}

]

metrics : [ »

0 : { »

cvssV3_1 : { »

attackComplexity : HIGH (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 4 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : LOW (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : CHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N (string)

version : 3.1 (string)

}

format : CVSS (string)

scenarios : [ »

0 : { »

lang : en (string)

value : GENERAL (string)

}

]

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

cweId : CWE-74 (string)

description : CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (string)

lang : en (string)

type : CWE (string)

}

]

}

]

providerMetadata : { »

orgId : 36c7be3b-2937-45df-85ea-ca7133ea542c (string)

shortName : HeroDevs (string)

dateUpdated : 2024-10-29T16:26:16.251Z (string)

}

references : [ »

0 : { »

url : https://www.herodevs.com/vulnerability-directory/cve-2024-10491 (string)

}

]

source : { »

discovery : UNKNOWN (string)

}

title : Preload arbitrary resources by injecting additional `Link` headers (string)

x_generator : { »

engine : Vulnogram 0.2.0 (string)

}

adp : [ »

0 : { »

affected : [ »

0 : { »

vendor : expressjs (string)

product : express (string)

cpes : [ »

0 : cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:* (string)

]

defaultStatus : unknown (string)

versions : [ »

0 : { »

version : 3.0.0-alpha1 (string)

status : affected (string)

lessThanOrEqual : 3.21.2 (string)

versionType : semver (string)

}

]

}

]

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

timestamp : 2024-10-29T19:42:55.922371Z (string)

id : CVE-2024-10491 (string)

options : [ »

0 : { »

Exploitation : poc (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

role : CISA Coordinator (string)

version : 2.0.3 (string)

}

]

title : CISA ADP Vulnrichment (string)

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-10-29T19:44:30.890Z (string)

}

]

}

Show plain JSON

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-10491", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-29T19:42:55.922371Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*"], "vendor": "expressjs", "product": "express", "versions": [{"status": "affected", "version": "3.0.0-alpha1", "versionType": "semver", "lessThanOrEqual": "3.21.2"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-29T19:44:25.247Z"}}], "cna": {"title": "Preload arbitrary resources by injecting additional `Link` headers", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "abze"}], "impacts": [{"capecId": "CAPEC-240", "descriptions": [{"lang": "en", "value": "CAPEC-240 Resource Injection"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/expressjs/express", "vendor": "express", "product": "express", "versions": [{"status": "affected", "version": "3.0.0-alpha1", "versionType": "semver", "lessThanOrEqual": "3.21.2"}], "packageName": "express", "collectionURL": "https://www.npmjs.com/package/express", "defaultStatus": "unaffected"}], "references": [{"url": "https://www.herodevs.com/vulnerability-directory/cve-2024-10491"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in the Express response.links\u00a0function, allowing for arbitrary resource injection in the Link\u00a0header when unsanitized data is used.\n\nThe issue arises from improper sanitization in `Link` header values, which can allow a combination of characters like `,`, `;`, and `<>` to preload malicious resources.\n\nThis vulnerability is especially relevant for dynamic parameters.", "supportingMedia": [{"type": "text/html", "value": "<p>A vulnerability has been identified in the Express <em>response.links</em>&nbsp;function, allowing for arbitrary resource injection in the <em>Link</em>&nbsp;header when unsanitized data is used.</p><p>The issue arises from improper sanitization in `Link` header values, which can allow a combination of characters like `,`, `;`, and `&lt;&gt;` to preload malicious resources.</p><p>This vulnerability is especially relevant for dynamic parameters.</p><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-74", "description": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')"}]}], "providerMetadata": {"orgId": "36c7be3b-2937-45df-85ea-ca7133ea542c", "shortName": "HeroDevs", "dateUpdated": "2024-10-29T16:26:16.251Z"}}}, "cveMetadata": {"cveId": "CVE-2024-10491", "state": "PUBLISHED", "dateUpdated": "2024-10-29T19:44:30.890Z", "dateReserved": "2024-10-29T11:53:00.416Z", "assignerOrgId": "36c7be3b-2937-45df-85ea-ca7133ea542c", "datePublished": "2024-10-29T16:23:21.219Z", "assignerShortName": "HeroDevs"}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

containers : { »

adp : [ »

0 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2024-10491 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : poc (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

version : 2.0.3 (string)

timestamp : 2024-10-29T19:42:55.922371Z (string)

}

]

affected : [ »

0 : { »

cpes : [ »

0 : cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:* (string)

]

vendor : expressjs (string)

product : express (string)

versions : [ »

0 : { »

status : affected (string)

version : 3.0.0-alpha1 (string)

versionType : semver (string)

lessThanOrEqual : 3.21.2 (string)

}

]

defaultStatus : unknown (string)

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-10-29T19:44:25.247Z (string)

}

]

cna : { »

title : Preload arbitrary resources by injecting additional `Link` headers (string)

source : { »

discovery : UNKNOWN (string)

}

credits : [ »

0 : { »

lang : en (string)

type : finder (string)

value : abze (string)

}

]

impacts : [ »

0 : { »

capecId : CAPEC-240 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : CAPEC-240 Resource Injection (string)

}

]

}

]

metrics : [ »

0 : { »

format : CVSS (string)

cvssV3_1 : { »

scope : CHANGED (string)

version : 3.1 (string)

baseScore : 4 (number)

attackVector : NETWORK (string)

baseSeverity : MEDIUM (string)

vectorString : CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N (string)

integrityImpact : NONE (string)

userInteraction : NONE (string)

attackComplexity : HIGH (string)

availabilityImpact : NONE (string)

privilegesRequired : NONE (string)

confidentialityImpact : LOW (string)

}

scenarios : [ »

0 : { »

lang : en (string)

value : GENERAL (string)

}

]

}

]

affected : [ »

0 : { »

repo : https://github.com/expressjs/express (string)

vendor : express (string)

product : express (string)

versions : [ »

0 : { »

status : affected (string)

version : 3.0.0-alpha1 (string)

versionType : semver (string)

lessThanOrEqual : 3.21.2 (string)

}

]

packageName : express (string)

collectionURL : https://www.npmjs.com/package/express (string)

defaultStatus : unaffected (string)

}

]

references : [ »

0 : { »

url : https://www.herodevs.com/vulnerability-directory/cve-2024-10491 (string)

}

]

x_generator : { »

engine : Vulnogram 0.2.0 (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link header when unsanitized data is used. The issue arises from improper sanitization in `Link` header values, which can allow a combination of characters like `,`, `;`, and `<>` to preload malicious resources. This vulnerability is especially relevant for dynamic parameters. (string)

supportingMedia : [ »

0 : { »

type : text/html (string)

value : A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link header when unsanitized data is used.The issue arises from improper sanitization in `Link` header values, which can allow a combination of characters like `,`, `;`, and `<>` to preload malicious resources.This vulnerability is especially relevant for dynamic parameters. (string)

base64 : false (boolean)

}

]

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

lang : en (string)

type : CWE (string)

cweId : CWE-74 (string)

description : CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (string)

}

]

}

]

providerMetadata : { »

orgId : 36c7be3b-2937-45df-85ea-ca7133ea542c (string)

shortName : HeroDevs (string)

dateUpdated : 2024-10-29T16:26:16.251Z (string)

}

cveMetadata : { »

cveId : CVE-2024-10491 (string)

state : PUBLISHED (string)

dateUpdated : 2024-10-29T19:44:30.890Z (string)

dateReserved : 2024-10-29T11:53:00.416Z (string)

assignerOrgId : 36c7be3b-2937-45df-85ea-ca7133ea542c (string)

datePublished : 2024-10-29T16:23:21.219Z (string)

assignerShortName : HeroDevs (string)

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openjsf:express:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "E54423CE-0344-49DB-9BAF-7DA1041AC966", "versionEndIncluding": "3.21.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in the Express response.links\u00a0function, allowing for arbitrary resource injection in the Link\u00a0header when unsanitized data is used.\n\nThe issue arises from improper sanitization in `Link` header values, which can allow a combination of characters like `,`, `;`, and `<>` to preload malicious resources.\n\nThis vulnerability is especially relevant for dynamic parameters."}, {"lang": "es", "value": " Se ha identificado una vulnerabilidad en la funci\u00f3n response.links de Express, que permite la inyecci\u00f3n arbitraria de recursos en el encabezado Link cuando se utilizan datos no desinfectados. El problema surge de una desinfecci\u00f3n incorrecta en los valores del encabezado `Link`, que puede permitir una combinaci\u00f3n de caracteres como `,`, `;` y `&lt;&gt;` para precargar recursos maliciosos. Esta vulnerabilidad es especialmente relevante para los par\u00e1metros din\u00e1micos."}], "id": "CVE-2024-10491", "lastModified": "2024-11-06T23:08:49.780", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "36c7be3b-2937-45df-85ea-ca7133ea542c", "type": "Secondary"}]}, "published": "2024-10-29T17:15:03.853", "references": [{"source": "36c7be3b-2937-45df-85ea-ca7133ea542c", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.herodevs.com/vulnerability-directory/cve-2024-10491"}], "sourceIdentifier": "36c7be3b-2937-45df-85ea-ca7133ea542c", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-74"}], "source": "36c7be3b-2937-45df-85ea-ca7133ea542c", "type": "Secondary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:openjsf:express:*:*:*:*:*:node.js:*:* (string)

matchCriteriaId : E54423CE-0344-49DB-9BAF-7DA1041AC966 (string)

versionEndIncluding : 3.21.4 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link header when unsanitized data is used. The issue arises from improper sanitization in `Link` header values, which can allow a combination of characters like `,`, `;`, and `<>` to preload malicious resources. This vulnerability is especially relevant for dynamic parameters. (string)

}

1 : { »

lang : es (string)

value : Se ha identificado una vulnerabilidad en la función response.links de Express, que permite la inyección arbitraria de recursos en el encabezado Link cuando se utilizan datos no desinfectados. El problema surge de una desinfección incorrecta en los valores del encabezado `Link`, que puede permitir una combinación de caracteres como `,`, `;` y `<>` para precargar recursos maliciosos. Esta vulnerabilidad es especialmente relevante para los parámetros dinámicos. (string)

}

]

id : CVE-2024-10491 (string)

lastModified : 2024-11-06T23:08:49.780 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 5.3 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : NONE (string)

integrityImpact : LOW (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 1.4 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

1 : { »

cvssData : { »

attackComplexity : HIGH (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 4 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : LOW (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : CHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 2.2 (number)

impactScore : 1.4 (number)

source : 36c7be3b-2937-45df-85ea-ca7133ea542c (string)

type : Secondary (string)

}

]

}

published : 2024-10-29T17:15:03.853 (string)

references : [ »

0 : { »

source : 36c7be3b-2937-45df-85ea-ca7133ea542c (string)

tags : [ »

0 : Exploit (string)

1 : Third Party Advisory (string)

]

url : https://www.herodevs.com/vulnerability-directory/cve-2024-10491 (string)

}

]

sourceIdentifier : 36c7be3b-2937-45df-85ea-ca7133ea542c (string)

vulnStatus : Analyzed (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : NVD-CWE-noinfo (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

1 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-74 (string)

}

]

source : 36c7be3b-2937-45df-85ea-ca7133ea542c (string)

type : Secondary (string)

}

]

}

Show plain JSON

{"bugzilla": {"description": "express: Preload arbitrary resources by injecting additional `Link` headers", "id": "2322502", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2322502"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.4", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "status": "draft"}, "cwe": "CWE-74", "details": ["A vulnerability has been identified in the Express response.links\u00a0function, allowing for arbitrary resource injection in the Link\u00a0header when unsanitized data is used.\nThe issue arises from improper sanitization in `Link` header values, which can allow a combination of characters like `,`, `;`, and `<>` to preload malicious resources.\nThis vulnerability is especially relevant for dynamic parameters.", "A flaw was found in the Express Node.js framework. In certain versions, an attacker may be able to trigger an arbitrary resource injection attack via the link\u00a0header when unsanitized data is used."], "name": "CVE-2024-10491", "package_state": [{"cpe": "cpe:/a:redhat:amq_interconnect:1", "fix_state": "Not affected", "package_name": "qpid-dispatch", "product_name": "A-MQ Interconnect 1"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Not affected", "package_name": "openshift-logging/kibana6-rhel8", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Not affected", "package_name": "openshift-logging/logging-view-plugin-rhel9", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:migration_toolkit_applications:7", "fix_state": "Not affected", "package_name": "mta/mta-cli-rhel9", "product_name": "Migration Toolkit for Applications 7"}, {"cpe": "cpe:/a:redhat:migration_toolkit_applications:7", "fix_state": "Not affected", "package_name": "mta/mta-ui-rhel9", "product_name": "Migration Toolkit for Applications 7"}, {"cpe": "cpe:/a:redhat:rhmt", "fix_state": "Not affected", "package_name": "rhmtc/openshift-migration-ui-rhel8", "product_name": "Migration Toolkit for Containers"}, {"cpe": "cpe:/a:redhat:migration_toolkit_virtualization:2", "fix_state": "Not affected", "package_name": "migration-toolkit-virtualization/mtv-console-plugin-rhel9", "product_name": "Migration Toolkit for Virtualization"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Not affected", "package_name": "multicluster-engine/console-mce-rhel9", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Not affected", "package_name": "multicluster-engine/multicluster-engine-console-mce-rhel9", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:network_observ_optr:1", "fix_state": "Not affected", "package_name": "network-observability/network-observability-console-plugin-rhel9", "product_name": "Network Observability Operator"}, {"cpe": "cpe:/a:redhat:workload_availability_node_healthcheck", "fix_state": "Not affected", "package_name": "workload-availability/node-remediation-console-rhel8", "product_name": "Node HealthCheck Operator"}, {"cpe": "cpe:/a:redhat:openshift_pipelines:1", "fix_state": "Not affected", "package_name": "openshift-pipelines-console-plugin-rhel8-container", "product_name": "OpenShift Pipelines"}, {"cpe": "cpe:/a:redhat:openshift_pipelines:1", "fix_state": "Not affected", "package_name": "openshift-pipelines/pipelines-hub-api-rhel8", "product_name": "OpenShift Pipelines"}, {"cpe": "cpe:/a:redhat:openshift_pipelines:1", "fix_state": "Not affected", "package_name": "openshift-pipelines/pipelines-hub-db-migration-rhel8", "product_name": "OpenShift Pipelines"}, {"cpe": "cpe:/a:redhat:openshift_pipelines:1", "fix_state": "Not affected", "package_name": "openshift-pipelines/pipelines-hub-ui-rhel8", "product_name": "OpenShift Pipelines"}, {"cpe": "cpe:/a:redhat:service_mesh:2", "fix_state": "Not affected", "package_name": "openshift-service-mesh/kiali-ossmc-rhel8", "product_name": "OpenShift Service Mesh 2"}, {"cpe": "cpe:/a:redhat:service_mesh:2", "fix_state": "Not affected", "package_name": "openshift-service-mesh/kiali-rhel8", "product_name": "OpenShift Service Mesh 2"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Not affected", "package_name": "3scale-amp-system-container", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/console-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:4", "fix_state": "Not affected", "package_name": "advanced-cluster-security/rhacs-central-db-rhel8", "product_name": "Red Hat Advanced Cluster Security 4"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:4", "fix_state": "Not affected", "package_name": "advanced-cluster-security/rhacs-main-rhel8", "product_name": "Red Hat Advanced Cluster Security 4"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:4", "fix_state": "Not affected", "package_name": "advanced-cluster-security/rhacs-rhel8-operator", "product_name": "Red Hat Advanced Cluster Security 4"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:4", "fix_state": "Not affected", "package_name": "advanced-cluster-security/rhacs-roxctl-rhel8", "product_name": "Red Hat Advanced Cluster Security 4"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:4", "fix_state": "Not affected", "package_name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8", "product_name": "Red Hat Advanced Cluster Security 4"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:4", "fix_state": "Not affected", "package_name": "advanced-cluster-security/rhacs-scanner-v4-rhel8", "product_name": "Red Hat Advanced Cluster Security 4"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Not affected", "package_name": "aap-cloud-ui-container", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Not affected", "package_name": "ansible-automation-platform-24/lightspeed-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Not affected", "package_name": "automation-controller", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Not affected", "package_name": "automation-eda-controller", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Not affected", "package_name": "automation-gateway", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:hybrid_cloud_gateway:1::el9", "fix_state": "Not affected", "package_name": "rhcl-console-plugin-container", "product_name": "Red Hat Connectivity Link"}, {"cpe": "cpe:/a:redhat:rhdh:1", "fix_state": "Not affected", "package_name": "rhdh-operator-container", "product_name": "Red Hat Developer Hub"}, {"cpe": "cpe:/a:redhat:rhdh:1", "fix_state": "Not affected", "package_name": "rhdh/rhdh-hub-rhel9", "product_name": "Red Hat Developer Hub"}, {"cpe": "cpe:/a:redhat:discovery:1", "fix_state": "Not affected", "package_name": "discovery-server-container", "product_name": "Red Hat Discovery"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "cldr-emoji-annotation", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "mozjs60", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "pcs", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "cldr-emoji-annotation", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "gjs", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "pcs", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "polkit", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Not affected", "package_name": "odh-dashboard-container", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Not affected", "package_name": "odh-operator-container", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/nmstate-console-plugin-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-console", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-monitoring-plugin-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-networking-console-plugin-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Not affected", "package_name": "ocs4/mcg-core-rhel8", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Not affected", "package_name": "odf4/mcg-core-rhel8", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Not affected", "package_name": "odf4/ocs-client-console-rhel9", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Not affected", "package_name": "odf4/odf-console-rhel9", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Not affected", "package_name": "odf4/odf-multicluster-console-rhel8", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Not affected", "package_name": "rhods/odh-dashboard-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Not affected", "package_name": "rhods/odh-operator-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Not affected", "package_name": "rhods/odh-rhel8-operator", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3:", "fix_state": "Not affected", "package_name": "devspaces/traefik-rhel8", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:3", "fix_state": "Not affected", "package_name": "rhosdt/jaeger-agent-rhel8", "product_name": "Red Hat OpenShift distributed tracing 3"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:3", "fix_state": "Not affected", "package_name": "rhosdt/jaeger-all-in-one-rhel8", "product_name": "Red Hat OpenShift distributed tracing 3"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:3", "fix_state": "Not affected", "package_name": "rhosdt/jaeger-collector-rhel8", "product_name": "Red Hat OpenShift distributed tracing 3"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:3", "fix_state": "Not affected", "package_name": "rhosdt/jaeger-es-index-cleaner-rhel8", "product_name": "Red Hat OpenShift distributed tracing 3"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:3", "fix_state": "Not affected", "package_name": "rhosdt/jaeger-es-rollover-rhel8", "product_name": "Red Hat OpenShift distributed tracing 3"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:3", "fix_state": "Not affected", "package_name": "rhosdt/jaeger-ingester-rhel8", "product_name": "Red Hat OpenShift distributed tracing 3"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:3", "fix_state": "Not affected", "package_name": "rhosdt/jaeger-query-rhel8", "product_name": "Red Hat OpenShift distributed tracing 3"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Not affected", "package_name": "openshift-gitops-1/argocd-rhel8", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Not affected", "package_name": "openshift-gitops-1/argo-rollouts-rhel8", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Not affected", "package_name": "openshift-gitops-1/console-plugin-rhel8", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Not affected", "package_name": "openshift-gitops-argocd-rhel9-container", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Not affected", "package_name": "container-native-virtualization/kubevirt-console-plugin", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Not affected", "package_name": "container-native-virtualization/kubevirt-console-plugin-rhel9", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:openstack:17.1", "fix_state": "Not affected", "package_name": "qpid-dispatch", "product_name": "Red Hat OpenStack Platform 17.1"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Not affected", "package_name": "quay/quay-rhel8", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Not affected", "package_name": "qpid-dispatch", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Not affected", "package_name": "satellite-capsule:el8/qpid-dispatch", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Not affected", "package_name": "satellite:el8/qpid-dispatch", "product_name": "Red Hat Satellite 6"}], "public_date": "2024-10-29T16:23:21Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-10491\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-10491\nhttps://www.herodevs.com/vulnerability-directory/cve-2024-10491"], "statement": "This CVE affects Express versions 3.21.4 and prior, which have reached end of life status. No Red Hat products are affected by this vulnerability.", "threat_severity": "Moderate"}

{

bugzilla : { »

description : express: Preload arbitrary resources by injecting additional `Link` headers (string)

id : 2322502 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=2322502 (string)

}

csaw : false (boolean)

cvss3 : { »

cvss3_base_score : 5.4 (string)

cvss3_scoring_vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N (string)

status : draft (string)

}

cwe : CWE-74 (string)

details : [ »

0 : A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link header when unsanitized data is used. The issue arises from improper sanitization in `Link` header values, which can allow a combination of characters like `,`, `;`, and `<>` to preload malicious resources. This vulnerability is especially relevant for dynamic parameters. (string)

1 : A flaw was found in the Express Node.js framework. In certain versions, an attacker may be able to trigger an arbitrary resource injection attack via the link header when unsanitized data is used. (string)

]

name : CVE-2024-10491 (string)

package_state : [ »

0 : { »

cpe : cpe:/a:redhat:amq_interconnect:1 (string)