CVE-2024-10491
Preload arbitrary resources by injecting additional `Link` headers
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link header when unsanitized data is used.
The issue arises from improper sanitization in `Link` header values, which can allow a combination of characters like `,`, `;`, and `<>` to preload malicious resources.
This vulnerability is especially relevant for dynamic parameters.
Se ha identificado una vulnerabilidad en la función response.links de Express, que permite la inyección arbitraria de recursos en el encabezado Link cuando se utilizan datos no desinfectados. El problema surge de una desinfección incorrecta en los valores del encabezado `Link`, que puede permitir una combinación de caracteres como `,`, `;` y `<>` para precargar recursos maliciosos. Esta vulnerabilidad es especialmente relevante para los parámetros dinámicos.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2024-10-29 CVE Reserved
- 2024-10-29 CVE Published
- 2024-10-29 CVE Updated
- 2024-11-07 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CAPEC
- CAPEC-240: Resource Injection
References (1)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Express Search vendor "Express" | Express Search vendor "Express" for product "Express" | >= 3.0.0-alpha1 <= 3.21.2 Search vendor "Express" for product "Express" and version " >= 3.0.0-alpha1 <= 3.21.2" | en |
Affected
| ||||||