
CVE-2024-10491

Preload arbitrary resources by injecting additional `Link` headers

Severity Score: 4.0 (CVSS v3.1)
Exploit Likelihood (EPSS):
Affected Versions (CPE):
Public Exploits: 0 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: Track* (SSVC)
Descriptions

A vulnerability has been identified in the Express `response.links` function, allowing arbitrary resource injection into the `Link` header when unsanitized data is used.

The issue arises from improper sanitization of `Link` header values: a combination of characters such as `,`, `;` and `<>` in a value can terminate the intended link entry and introduce an additional one, causing a client to preload a malicious resource.

This vulnerability is especially relevant when the link targets are built from dynamic parameters.

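As an added defensive example (not code from Express or from this advisory), the following wrapper validates each target before it is formatted into a `Link` header, and a helper counts the link entries in a header so a response can be checked for more entries than the application set. The placeholder base URL, the http/https restriction and the sample values are assumptions.

```javascript
// Added example, not Express's own code: build a Link header only from
// values that pass strict validation, so untrusted input cannot end one
// link entry and start another.
const UNSAFE = /[<>,;"\s\x00-\x1f\x7f]/;

// Validate a single Link target: it must parse as an http(s) URL and must
// not contain the delimiters the Link header grammar relies on.
function validateLinkTarget(value, base = 'https://example.invalid/') {
  if (typeof value !== 'string' || value.length === 0) {
    throw new TypeError('Link target must be a non-empty string');
  }
  if (UNSAFE.test(value)) {
    throw new TypeError('Link target contains Link-header delimiters');
  }
  let url;
  try {
    url = new URL(value, base); // placeholder base, assumed, for relative targets
  } catch {
    throw new TypeError('Link target is not a valid URL');
  }
  if (url.protocol !== 'https:' && url.protocol !== 'http:') {
    throw new TypeError('Link target must use http or https');
  }
  return value;
}

// Format {rel: target} pairs as '<target>; rel="rel"' entries joined by
// ', ', but only after validating each target and restricting rel names.
function buildLinkHeader(links) {
  return Object.keys(links).map(rel => {
    if (!/^[A-Za-z0-9._-]+$/.test(rel)) {
      throw new TypeError(`invalid rel: ${rel}`);
    }
    return `<${validateLinkTarget(links[rel])}>; rel="${rel}"`;
  }).join(', ');
}

// Count the link-value entries in a Link header. More entries than the
// number of rels the application set is a sign of injected content.
function countLinkEntries(header) {
  return (header.match(/<[^>]*>/g) || []).length;
}
```

Legitimate URLs may contain `,` or `;` in a path or query; percent-encode those components before validation rather than loosening the check.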

*Credits: abze
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope: Changed
  • Confidentiality: Low
  • Integrity: None
  • Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: Track*
  • Exploitation: PoC
  • Automatable: No
  • Tech. Impact: Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-10-29 CVE Reserved
  • 2024-10-29 CVE Published
  • 2024-10-29 CVE Updated
  • 2024-11-07 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CAPEC
  • CAPEC-240: Resource Injection
Affected Vendors, Products, and Versions
  • Vendor: Express
  • Product: Express
  • Version: >= 3.0.0-alpha1 <= 3.21.2
  • Other: en
  • Status: Affected