{"id":"USN-7581-1","summary":"node-express vulnerabilities","details":"It was discovered that Express incorrectly handled certain URLs, leading\nto an open redirect attack. A remote attacker could possibly use this\nissue to perform phishing attacks. (CVE-2024-29041)\n\nAdam Korcz discovered that Express did not properly sanitize certain\ninputs. A remote attacker could possibly use this issue to perform cross\nsite scripting. (CVE-2024-43796)","modified":"2026-04-24T10:01:59.373752Z","published":"2025-06-19T04:31:01Z","related":["UBUNTU-CVE-2024-29041","UBUNTU-CVE-2024-43796"],"upstream":["CVE-2024-29041","CVE-2024-43796","UBUNTU-CVE-2024-29041","UBUNTU-CVE-2024-43796"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7581-1"}],"affected":[{"package":{"name":"node-express","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/node-express@4.1.1~dfsg-1ubuntu0.16.04.1~esm1?arch=source&distro=esm-apps/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.1.1~dfsg-1ubuntu0.16.04.1~esm1"}]}],"versions":["4.1.1~dfsg-1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_name":"node-express","binary_version":"4.1.1~dfsg-1ubuntu0.16.04.1~esm1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7581-1.json","cves_map":{"cves":[],"ecosystem":"Ubuntu:Pro:16.04:LTS"}}},{"package":{"name":"node-express","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/node-express@4.1.1~dfsg-1ubuntu0.18.04.1~esm1?arch=source&distro=esm-apps/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.1.1~dfsg-1ubuntu0.18.04.1~esm1"}]}],"versions":["4.1.1~dfsg-1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_name":"node-express","binary_version":"4.1.1~dfsg-1ubuntu0.18.04.1~esm1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7581-1.json","cves_map":{"cves":[],"ecosystem":"Ubuntu:Pro:18.04:LTS"}}},{"package":{"name":"node-express","ecosystem":"Ubuntu:Pro:20.04:LTS","purl":"pkg:deb/ubuntu/node-express@4.17.1-2ubuntu0.1~esm1?arch=source&distro=esm-apps/focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.17.1-2ubuntu0.1~esm1"}]}],"versions":["4.17.1-1","4.17.1-2"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_name":"node-express","binary_version":"4.17.1-2ubuntu0.1~esm1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7581-1.json","cves_map":{"cves":[],"ecosystem":"Ubuntu:Pro:20.04:LTS"}}},{"package":{"name":"node-express","ecosystem":"Ubuntu:Pro:22.04:LTS","purl":"pkg:deb/ubuntu/node-express@4.17.3+~4.17.13-1ubuntu0.1~esm1?arch=source&distro=esm-apps/jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.17.3+~4.17.13-1ubuntu0.1~esm1"}]}],"versions":["4.17.1-3","4.17.1+~cs4.17.13-1","4.17.2+~4.17.13-1","4.17.3+~4.17.13-1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_name":"node-express","binary_version":"4.17.3+~4.17.13-1ubuntu0.1~esm1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7581-1.json","cves_map":{"cves":[],"ecosystem":"Ubuntu:Pro:22.04:LTS"}}},{"package":{"name":"node-express","ecosystem":"Ubuntu:Pro:24.04:LTS","purl":"pkg:deb/ubuntu/node-express@4.19.2+~cs8.36.21-1ubuntu0.1~esm1?arch=source&distro=esm-apps/noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.19.2+~cs8.36.21-1ubuntu0.1~esm1"}]}],"versions":["4.18.2+~cs8.34.50-1","4.19.2+~cs8.36.21-1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_name":"node-express","binary_version":"4.19.2+~cs8.36.21-1ubuntu0.1~esm1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7581-1.json","cves_map":{"cves":[],"ecosystem":"Ubuntu:Pro:24.04:LTS"}}}],"schema_version":"1.7.5"}