CVE-2024-43799 – send vulnerable to template injection that can lead to XSS

https://notcve.org/view.php?id=CVE-2024-43799

Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect() which executes untrusted code. This issue is patched in send 0.19.0. Send es una librería para transmitir archivos desde el sistema de archivos como una respuesta http. Send pasa la entrada de usuario no confiable a SendStream.redirect(), que ejecuta código no confiable. • https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35 https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •