Vulnerability details: VCID-brt7-jc9b-dbha
Vulnerability ID VCID-brt7-jc9b-dbha
Aliases CVE-2024-43796
GHSA-qw6h-vgh9-j6wx
Summary express vulnerable to XSS via response.redirect()
### Impact
In express <4.20.0, passing untrusted user input - even after sanitizing it - to `response.redirect()` may execute untrusted code.
### Patches
This issue is patched in express 4.20.0.
### Workarounds
Users are encouraged to upgrade to the patched version of express, but otherwise can work around this issue by making sure any untrusted inputs are safe, ideally by validating them against an explicit allowlist.
### Details
Successful exploitation of this vector requires the following:
1. The attacker MUST control the input to response.redirect()
2. express MUST NOT redirect before the template appears
3. the browser MUST NOT complete redirection before:
4. the user MUST click on the link in the template
Status Published
Exploitability None
Weighted Severity None
Risk None
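The four conditions in the advisory come down to one point that "even after sanitizing it" hints at: HTML-escaping a redirect target does not make it safe, because the dangerous part of a link is the URL scheme in its href, not an HTML metacharacter, and the escaped text is what ends up in the clickable link of the redirect body. The Node.js code below is an added example, not code from express or from the advisory. `legacyRedirectBody` is a simplified stand-in for the shape of the pre-4.20.0 redirect body (a paragraph with a link), not express's source, and `ALLOWED_HOSTS` and `safeRedirectTarget` are hypothetical names for the allowlist validation the Workarounds section recommends.

```javascript
// Added example, not express's own code. Shows (1) why escaping a redirect
// target is not enough and (2) an allowlist validator for untrusted targets.

// Hosts this application is allowed to redirect to (assumption for the example).
const ALLOWED_HOSTS = new Set(['app.example.com']);

// Minimal HTML escaper covering the usual five characters.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Simplified stand-in for the body a pre-4.20.0 res.redirect() sent alongside
// the Location header: a paragraph with a clickable link to the target.
// Not express's source; only the shape matters here. Note that escaping
// leaves a javascript: URL untouched, so the href still carries the scheme.
function legacyRedirectBody(target) {
  const u = escapeHtml(target);
  return `<p>Found. Redirecting to <a href="${u}">${u}</a></p>`;
}

// Allowlist validation of a user-supplied redirect target.
// Returns a safe target, or `fallback` when the input is rejected.
function safeRedirectTarget(input, fallback = '/') {
  if (typeof input !== 'string' || input.length === 0 || input.length > 2048) {
    return fallback;
  }
  // Control characters have no place in a redirect target (header injection).
  if (/[\u0000-\u001f\u007f]/.test(input)) {
    return fallback;
  }
  // Same-site relative path: exactly one leading '/'. Reject '//host' and
  // '/\host', which browsers resolve as scheme-relative (open redirect).
  if (input.startsWith('/')) {
    return /^\/[\/\\]/.test(input) ? fallback : input;
  }
  // Anything else must parse as an absolute http(s) URL to an allowed host;
  // this is where javascript:, data: and similar schemes are dropped.
  let url;
  try {
    url = new URL(input);
  } catch (e) {
    return fallback;
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return fallback;
  if (!ALLOWED_HOSTS.has(url.hostname)) return fallback;
  return url.href;
}

// In a handler this would read (express itself is not loaded here):
//   app.get('/login', (req, res) => res.redirect(safeRedirectTarget(req.query.next)));
const attackerInput = 'javascript:alert(document.domain)'; // constructed sample input
console.log(legacyRedirectBody(attackerInput)); // the href still starts with javascript:
console.log(safeRedirectTarget(attackerInput)); // falls back to "/"
```

The validator accepts only a plain same-site path or an absolute http(s) URL whose hostname is on the allowlist, and returns the fallback for everything else; rejecting by scheme and host is what makes it an allowlist rather than a denylist of known-bad prefixes. Upgrading to express 4.20.0 or later is still the fix for the library side; the validator is the workaround the advisory describes for the application side.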
Affected and Fixed Packages Package Details
Weaknesses (3)
System Score Found at
cvssv3 5.0 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-43796.json
epss 0.00123 https://api.first.org/data/v1/epss?cve=CVE-2024-43796
cvssv3.1_qr LOW https://github.com/advisories/GHSA-qw6h-vgh9-j6wx
cvssv3.1 5.0 https://github.com/expressjs/express
cvssv4 2.3 https://github.com/expressjs/express
generic_textual LOW https://github.com/expressjs/express
cvssv3.1 5 https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553
cvssv3.1 5.0 https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553
cvssv4 2.3 https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553
generic_textual LOW https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553
ssvc Track https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553
cvssv3.1 5 https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx
cvssv3.1 5.0 https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx
cvssv3.1_qr LOW https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx
cvssv4 2.3 https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx
generic_textual LOW https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx
ssvc Track https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx
cvssv3.1 5.0 https://nvd.nist.gov/vuln/detail/CVE-2024-43796
cvssv4 2.3 https://nvd.nist.gov/vuln/detail/CVE-2024-43796
generic_textual LOW https://nvd.nist.gov/vuln/detail/CVE-2024-43796
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-43796.json
https://api.first.org/data/v1/epss?cve=CVE-2024-43796
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43796
https://github.com/expressjs/express
https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553
https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx
https://nvd.nist.gov/vuln/detail/CVE-2024-43796
1081481 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1081481
2311152 https://bugzilla.redhat.com/show_bug.cgi?id=2311152
GHSA-qw6h-vgh9-j6wx https://github.com/advisories/GHSA-qw6h-vgh9-j6wx
RHSA-2024:10906 https://access.redhat.com/errata/RHSA-2024:10906
RHSA-2024:10917 https://access.redhat.com/errata/RHSA-2024:10917
RHSA-2024:10962 https://access.redhat.com/errata/RHSA-2024:10962
RHSA-2024:7726 https://access.redhat.com/errata/RHSA-2024:7726
RHSA-2024:8014 https://access.redhat.com/errata/RHSA-2024:8014
RHSA-2024:8023 https://access.redhat.com/errata/RHSA-2024:8023
RHSA-2024:8113 https://access.redhat.com/errata/RHSA-2024:8113
RHSA-2024:8581 https://access.redhat.com/errata/RHSA-2024:8581
RHSA-2024:8676 https://access.redhat.com/errata/RHSA-2024:8676
RHSA-2024:8677 https://access.redhat.com/errata/RHSA-2024:8677
RHSA-2025:0079 https://access.redhat.com/errata/RHSA-2025:0079
RHSA-2025:0082 https://access.redhat.com/errata/RHSA-2025:0082
RHSA-2025:0164 https://access.redhat.com/errata/RHSA-2025:0164
RHSA-2025:0323 https://access.redhat.com/errata/RHSA-2025:0323
RHSA-2025:0875 https://access.redhat.com/errata/RHSA-2025:0875
USN-7581-1 https://usn.ubuntu.com/7581-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-43796.json
Attack Vector (AV): network; Attack Complexity (AC): high; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): unchanged; Confidentiality Impact (C): low; Integrity Impact (I): low; Availability Impact (A): low

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://github.com/expressjs/express
Attack Vector (AV): network; Attack Complexity (AC): high; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): unchanged; Confidentiality Impact (C): low; Integrity Impact (I): low; Availability Impact (A): low

Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L Found at https://github.com/expressjs/express
Attack Vector (AV): network; Attack Complexity (AC): low; Attack Requirements (AT): present; Privileges Required (PR): none; User Interaction (UI): passive; Vulnerable System Impact Confidentiality (VC): none; Vulnerable System Impact Integrity (VI): none; Vulnerable System Impact Availability (VA): none; Subsequent System Impact Confidentiality (SC): low; Subsequent System Impact Integrity (SI): low; Subsequent System Impact Availability (SA): low

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553
Attack Vector (AV): network; Attack Complexity (AC): high; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): unchanged; Confidentiality Impact (C): low; Integrity Impact (I): low; Availability Impact (A): low

Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L Found at https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553
Attack Vector (AV): network; Attack Complexity (AC): low; Attack Requirements (AT): present; Privileges Required (PR): none; User Interaction (UI): passive; Vulnerable System Impact Confidentiality (VC): none; Vulnerable System Impact Integrity (VI): none; Vulnerable System Impact Availability (VA): none; Subsequent System Impact Confidentiality (SC): low; Subsequent System Impact Integrity (SI): low; Subsequent System Impact Availability (SA): low

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T15:58:36Z/ Found at https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx
Attack Vector (AV): network; Attack Complexity (AC): high; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): unchanged; Confidentiality Impact (C): low; Integrity Impact (I): low; Availability Impact (A): low

Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L Found at https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx
Attack Vector (AV): network; Attack Complexity (AC): low; Attack Requirements (AT): present; Privileges Required (PR): none; User Interaction (UI): passive; Vulnerable System Impact Confidentiality (VC): none; Vulnerable System Impact Integrity (VI): none; Vulnerable System Impact Availability (VA): none; Subsequent System Impact Confidentiality (SC): low; Subsequent System Impact Integrity (SI): low; Subsequent System Impact Availability (SA): low

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-10T15:58:36Z/ Found at https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2024-43796
Attack Vector (AV): network; Attack Complexity (AC): high; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): unchanged; Confidentiality Impact (C): low; Integrity Impact (I): low; Availability Impact (A): low

Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L Found at https://nvd.nist.gov/vuln/detail/CVE-2024-43796
Attack Vector (AV): network; Attack Complexity (AC): low; Attack Requirements (AT): present; Privileges Required (PR): none; User Interaction (UI): passive; Vulnerable System Impact Confidentiality (VC): none; Vulnerable System Impact Integrity (VI): none; Vulnerable System Impact Availability (VA): none; Subsequent System Impact Confidentiality (SC): low; Subsequent System Impact Integrity (SI): low; Subsequent System Impact Availability (SA): low

Exploit Prediction Scoring System (EPSS)
Percentile 0.31073
EPSS Score 0.00123
Published At May 29, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-29T08:43:23.908915+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/09/GHSA-qw6h-vgh9-j6wx/GHSA-qw6h-vgh9-j6wx.json 38.6.0