CVE-2024-43799: send vulnerable to template injection that can lead to XSS
First published: Tue Sep 10 2024(Updated: )
### Impact passing untrusted user input - even after sanitizing it - to `SendStream.redirect()` may execute untrusted code ### Patches this issue is patched in send 0.19.0 ### Workarounds users are encouraged to upgrade to the patched version of express, but otherwise can workaround this issue by making sure any untrusted inputs are safe, ideally by validating them against an explicit allowlist ### Details successful exploitation of this vector requires the following: 1. The attacker MUST control the input to response.redirect() 1. express MUST NOT redirect before the template appears 1. the browser MUST NOT complete redirection before: 1. the user MUST click on the link in the template
Credit: security-advisories@github.com security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Send Project Send | <0.19.0 | |
| npm/send | <0.19.0 | 0.19.0 |
| IBM Cognos Analytics | <=1.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35
- https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg
- https://nvd.nist.gov/vuln/detail/CVE-2024-43799
- https://github.com/advisories/GHSA-m6fv-jmcg-4jfg (Advisory)
- https://access.redhat.com/errata/RHSA-2024:7724
- https://access.redhat.com/errata/RHSA-2024:7726
- https://access.redhat.com/errata/RHSA-2024:7725
- https://access.redhat.com/errata/RHSA-2024:8023
- https://access.redhat.com/errata/RHSA-2024:8014
- https://access.redhat.com/errata/RHSA-2024:8676
- https://access.redhat.com/errata/RHSA-2024:10906
- https://access.redhat.com/errata/RHSA-2024:11023
- https://access.redhat.com/errata/RHSA-2025:0079
- https://access.redhat.com/errata/RHSA-2025:0082
- https://access.redhat.com/errata/RHSA-2025:0164
- https://access.redhat.com/errata/RHSA-2025:0323
- https://access.redhat.com/errata/RHSA-2025:0875
- https://bugzilla.redhat.com/show_bug.cgi?id=2311153
- https://www.ibm.com/support/pages/node/7184429 (Advisory)
Frequently Asked Questions
What is the severity of CVE-2024-43799?
CVE-2024-43799 is considered a moderate severity vulnerability due to the potential execution of untrusted code through user input.
How do I fix CVE-2024-43799?
To fix CVE-2024-43799, upgrade to version 0.19.0 or later of the 'send' package.
What causes CVE-2024-43799?
CVE-2024-43799 is caused by passing untrusted user input to the SendStream.redirect() function, which may lead to code execution.
Which versions of the 'send' package are affected by CVE-2024-43799?
CVE-2024-43799 affects all versions of the 'send' package before 0.19.0.
Is there a workaround for CVE-2024-43799 if I cannot upgrade?
If upgrading is not an option, ensure input is highly sanitized and thoroughly validated before being passed to SendStream.redirect().
- agent/weakness
- agent/title
- agent/first-publish-date
- agent/type
- collector/nvd-cve
- source/NVD
- agent/author
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- agent/software-canonical-lookup
- agent/remedy
- agent/severity
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-m6fv-jmcg-4jfg
- alias/CVE-2024-43799
- collector/github-advisory
- agent/trending
- agent/source
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- agent/last-modified-date
- agent/references
- agent/tags
- agent/softwarecombine
- collector/ibm-support
- source/IBM
- vendor/send project
- canonical/send project send
- package-manager/npm
- vendor/ibm
- canonical/ibm cognos analytics
- version/ibm cognos analytics/1.1