logo
Vulnerability feed
CONTRIBUTE

Vulnerability

warn

CVE-2024-10491

Reference to the description:

https://nvd.nist.gov/vuln/detail/CVE-2024-10491

Description:
A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link header when unsanitized data is used. The issue arises from improper sanitization in `Link` header values, which can allow a combination of characters like `,`, `;`, and `<>` to preload malicious resources. This vulnerability is especially relevant for dynamic parameters.
Last updated date:
11/06/2024
Type:
exploit
Confidence:
HIGH
Date of publishing:
11/06/2024
Reference url to background

https://www.herodevs.com/vulnerability-directory/cve-2024-10491

Vulnerability FeedContributorsAboutBlog

@inTheWild

©2024

Privacy Policy