CVE-2024-43800 - Vulnerability Details

serve-static serves static files. serve-static passes untrusted user input - even after sanitizing it - to redirect() may execute untrusted code. This issue is patched in serve-static 1.16.0.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00678.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Openjsf Subscribe	Serve-static Subscribe
Redhat Subscribe	Discovery Subscribe Network Observ Optr Subscribe Openshift Subscribe Openshift Data Foundation Subscribe Openshift Distributed Tracing Subscribe Openshift Gitops Subscribe Openshift Serverless Subscribe Rhboac Hawtio Subscribe Rhmt Subscribe Service Mesh Subscribe

Configuration 1 [-]

OR	cpe:2.3:a:openjsf:serve-static::::::node.js::*
	cpe:2.3:a:openjsf:serve-static::::::node.js::*

Package	CPE	Advisory	Released Date
Discovery 1 for RHEL 9
discovery/discovery-server-rhel9:1.12.0-1	cpe:/o:redhat:discovery:1.0::el9	RHSA-2025:1249	2025-02-10T00:00:00Z
discovery/discovery-ui-rhel9:1.12.0-1	cpe:/o:redhat:discovery:1.0::el9	RHSA-2025:1249	2025-02-10T00:00:00Z
HawtIO 4.0.0 for Red Hat build of Apache Camel 4
serve-static	cpe:/a:redhat:rhboac_hawtio:4.0.0	RHSA-2024:11023	2024-12-12T00:00:00Z
NETWORK-OBSERVABILITY-1.7.0-RHEL-9
network-observability/network-observability-cli-rhel9:v1.7.0-67	cpe:/a:redhat:network_observ_optr:1.7.0::el9	RHSA-2024:8014	2024-10-22T00:00:00Z
network-observability/network-observability-console-plugin-rhel9:v1.7.0-67	cpe:/a:redhat:network_observ_optr:1.7.0::el9	RHSA-2024:8014	2024-10-22T00:00:00Z
network-observability/network-observability-ebpf-agent-rhel9:v1.7.0-67	cpe:/a:redhat:network_observ_optr:1.7.0::el9	RHSA-2024:8014	2024-10-22T00:00:00Z
network-observability/network-observability-flowlogs-pipeline-rhel9:v1.7.0-67	cpe:/a:redhat:network_observ_optr:1.7.0::el9	RHSA-2024:8014	2024-10-22T00:00:00Z
network-observability/network-observability-operator-bundle:1.7.0-86	cpe:/a:redhat:network_observ_optr:1.7.0::el9	RHSA-2024:8014	2024-10-22T00:00:00Z
network-observability/network-observability-rhel9-operator:v1.7.0-67	cpe:/a:redhat:network_observ_optr:1.7.0::el9	RHSA-2024:8014	2024-10-22T00:00:00Z
Red Hat Migration Toolkit for Containers 1.8
rhmtc/openshift-migration-ui-rhel8:v1.8.5-7	cpe:/a:redhat:rhmt:1.8::el8	RHSA-2024:10906	2024-12-10T00:00:00Z
Red Hat OpenShift Container Platform 4.17
openshift4/nmstate-console-plugin-rhel9:v4.17.0-202501301204.p0.gcffdc60.assembly.stream.el9	cpe:/a:redhat:openshift:4.17::el9	RHSA-2025:0875	2025-02-05T00:00:00Z
Red Hat OpenShift GitOps 1.12
openshift-gitops-1/argocd-rhel8:v1.12.6-2	cpe:/a:redhat:openshift_gitops:1.12::el8	RHSA-2024:8677	2024-10-30T00:00:00Z
openshift-gitops-1/argo-rollouts-rhel8:v1.12.6-2	cpe:/a:redhat:openshift_gitops:1.12::el8	RHSA-2024:8677	2024-10-30T00:00:00Z
openshift-gitops-1/console-plugin-rhel8:v1.12.6-2	cpe:/a:redhat:openshift_gitops:1.12::el8	RHSA-2024:8677	2024-10-30T00:00:00Z
openshift-gitops-1/dex-rhel8:v1.12.6-2	cpe:/a:redhat:openshift_gitops:1.12::el8	RHSA-2024:8677	2024-10-30T00:00:00Z
openshift-gitops-1/gitops-operator-bundle:v1.12.6-2	cpe:/a:redhat:openshift_gitops:1.12::el8	RHSA-2024:8677	2024-10-30T00:00:00Z
openshift-gitops-1/gitops-rhel8:v1.12.6-2	cpe:/a:redhat:openshift_gitops:1.12::el8	RHSA-2024:8677	2024-10-30T00:00:00Z
openshift-gitops-1/gitops-rhel8-operator:v1.12.6-2	cpe:/a:redhat:openshift_gitops:1.12::el8	RHSA-2024:8677	2024-10-30T00:00:00Z
openshift-gitops-1/kam-delivery-rhel8:v1.12.6-2	cpe:/a:redhat:openshift_gitops:1.12::el8	RHSA-2024:8677	2024-10-30T00:00:00Z
openshift-gitops-1/must-gather-rhel8:v1.12.6-2	cpe:/a:redhat:openshift_gitops:1.12::el8	RHSA-2024:8677	2024-10-30T00:00:00Z
Red Hat OpenShift GitOps 1.12 - RHEL 9
openshift-gitops-argocd-rhel9-container-v1.12.6-1	cpe:/a:redhat:openshift_gitops:1.12::el9	RHSA-2024:8677	2024-10-30T00:00:00Z
Red Hat OpenShift GitOps 1.13
openshift-gitops-1/argocd-rhel8:v1.13.2-4	cpe:/a:redhat:openshift_gitops:1.13::el8	RHSA-2024:8581	2024-10-29T00:00:00Z
openshift-gitops-1/argo-rollouts-rhel8:v1.13.2-4	cpe:/a:redhat:openshift_gitops:1.13::el8	RHSA-2024:8581	2024-10-29T00:00:00Z
openshift-gitops-1/console-plugin-rhel8:v1.13.2-4	cpe:/a:redhat:openshift_gitops:1.13::el8	RHSA-2024:8581	2024-10-29T00:00:00Z
openshift-gitops-1/dex-rhel8:v1.13.2-4	cpe:/a:redhat:openshift_gitops:1.13::el8	RHSA-2024:8581	2024-10-29T00:00:00Z
openshift-gitops-1/gitops-operator-bundle:v1.13.2-4	cpe:/a:redhat:openshift_gitops:1.13::el8	RHSA-2024:8581	2024-10-29T00:00:00Z
openshift-gitops-1/gitops-rhel8:v1.13.2-4	cpe:/a:redhat:openshift_gitops:1.13::el8	RHSA-2024:8581	2024-10-29T00:00:00Z
openshift-gitops-1/gitops-rhel8-operator:v1.13.2-4	cpe:/a:redhat:openshift_gitops:1.13::el8	RHSA-2024:8581	2024-10-29T00:00:00Z
openshift-gitops-1/kam-delivery-rhel8:v1.13.2-4	cpe:/a:redhat:openshift_gitops:1.13::el8	RHSA-2024:8581	2024-10-29T00:00:00Z
openshift-gitops-1/must-gather-rhel8:v1.13.2-4	cpe:/a:redhat:openshift_gitops:1.13::el8	RHSA-2024:8581	2024-10-29T00:00:00Z
openshift-gitops-argocd-rhel9-container-v1.13.2-5	cpe:/a:redhat:openshift_gitops:1.13::el8	RHSA-2024:8581	2024-10-29T00:00:00Z
Red Hat OpenShift Service Mesh 2.4 for RHEL 8
openshift-service-mesh/grafana-rhel8:2.4.11-2	cpe:/a:redhat:service_mesh:2.4::el8	RHSA-2024:7724	2024-10-07T00:00:00Z
openshift-service-mesh/istio-cni-rhel8:2.4.11-2	cpe:/a:redhat:service_mesh:2.4::el8	RHSA-2024:7724	2024-10-07T00:00:00Z
openshift-service-mesh/istio-must-gather-rhel8:2.4.11-3	cpe:/a:redhat:service_mesh:2.4::el8	RHSA-2024:7724	2024-10-07T00:00:00Z
openshift-service-mesh/kiali-rhel8:1.65.16-4	cpe:/a:redhat:service_mesh:2.4::el8	RHSA-2024:7724	2024-10-07T00:00:00Z
openshift-service-mesh/pilot-rhel8:2.4.11-2	cpe:/a:redhat:service_mesh:2.4::el8	RHSA-2024:7724	2024-10-07T00:00:00Z
openshift-service-mesh/proxyv2-rhel8:2.4.11-5	cpe:/a:redhat:service_mesh:2.4::el8	RHSA-2024:7724	2024-10-07T00:00:00Z
openshift-service-mesh/ratelimit-rhel8:2.4.11-2	cpe:/a:redhat:service_mesh:2.4::el8	RHSA-2024:7724	2024-10-07T00:00:00Z
Red Hat OpenShift Service Mesh 2.5 for RHEL 8
openshift-service-mesh/grafana-rhel8:2.5.5-3	cpe:/a:redhat:service_mesh:2.5::el8	RHSA-2024:7725	2024-10-07T00:00:00Z
openshift-service-mesh/istio-cni-rhel8:2.5.5-4	cpe:/a:redhat:service_mesh:2.5::el8	RHSA-2024:7725	2024-10-07T00:00:00Z
openshift-service-mesh/istio-must-gather-rhel8:2.5.5-4	cpe:/a:redhat:service_mesh:2.5::el8	RHSA-2024:7725	2024-10-07T00:00:00Z
openshift-service-mesh/kiali-ossmc-rhel8:1.73.14-3	cpe:/a:redhat:service_mesh:2.5::el8	RHSA-2024:7725	2024-10-07T00:00:00Z
openshift-service-mesh/kiali-rhel8:1.73.15-3	cpe:/a:redhat:service_mesh:2.5::el8	RHSA-2024:7725	2024-10-07T00:00:00Z
openshift-service-mesh/pilot-rhel8:2.5.5-4	cpe:/a:redhat:service_mesh:2.5::el8	RHSA-2024:7725	2024-10-07T00:00:00Z
openshift-service-mesh/proxyv2-rhel8:2.5.5-6	cpe:/a:redhat:service_mesh:2.5::el8	RHSA-2024:7725	2024-10-07T00:00:00Z
openshift-service-mesh/ratelimit-rhel8:2.5.5-3	cpe:/a:redhat:service_mesh:2.5::el8	RHSA-2024:7725	2024-10-07T00:00:00Z
Red Hat OpenShift Service Mesh 2.6 for RHEL 8
openshift-service-mesh/grafana-rhel8:2.6.2-3	cpe:/a:redhat:service_mesh:2.6::el8	RHSA-2024:7726	2024-10-07T00:00:00Z
openshift-service-mesh/istio-cni-rhel8:2.6.2-5	cpe:/a:redhat:service_mesh:2.6::el8	RHSA-2024:7726	2024-10-07T00:00:00Z
openshift-service-mesh/istio-must-gather-rhel8:2.6.2-4	cpe:/a:redhat:service_mesh:2.6::el8	RHSA-2024:7726	2024-10-07T00:00:00Z
openshift-service-mesh/istio-rhel8-operator:2.6.2-5	cpe:/a:redhat:service_mesh:2.6::el8	RHSA-2024:7726	2024-10-07T00:00:00Z
openshift-service-mesh/kiali-ossmc-rhel8:1.89.2-3	cpe:/a:redhat:service_mesh:2.6::el8	RHSA-2024:7726	2024-10-07T00:00:00Z
openshift-service-mesh/kiali-rhel8:1.89.4-3	cpe:/a:redhat:service_mesh:2.6::el8	RHSA-2024:7726	2024-10-07T00:00:00Z
openshift-service-mesh/kiali-rhel8-operator:1.89.6-1	cpe:/a:redhat:service_mesh:2.6::el8	RHSA-2024:7726	2024-10-07T00:00:00Z
openshift-service-mesh/pilot-rhel8:2.6.2-5	cpe:/a:redhat:service_mesh:2.6::el8	RHSA-2024:7726	2024-10-07T00:00:00Z
openshift-service-mesh/ratelimit-rhel8:2.6.2-3	cpe:/a:redhat:service_mesh:2.6::el8	RHSA-2024:7726	2024-10-07T00:00:00Z
Red Hat OpenShift Service Mesh 2.6 for RHEL 9
openshift-service-mesh/proxyv2-rhel9:2.6.2-7	cpe:/a:redhat:service_mesh:2.6::el9	RHSA-2024:7726	2024-10-07T00:00:00Z
RHODF-4.14-RHEL-9
odf4/ocs-client-console-rhel9:v4.14.13-3	cpe:/a:redhat:openshift_data_foundation:4.14::el9	RHSA-2025:0323	2025-01-15T00:00:00Z
odf4/odf-console-rhel9:v4.14.13-3	cpe:/a:redhat:openshift_data_foundation:4.14::el9	RHSA-2025:0323	2025-01-15T00:00:00Z
odf4/odf-multicluster-console-rhel9:v4.14.13-3	cpe:/a:redhat:openshift_data_foundation:4.14::el9	RHSA-2025:0323	2025-01-15T00:00:00Z
RHODF-4.15-RHEL-9
odf4/ocs-client-console-rhel9:v4.15.9-1	cpe:/a:redhat:openshift_data_foundation:4.15::el9	RHSA-2025:0164	2025-01-09T00:00:00Z
odf4/odf-console-rhel9:v4.15.9-1	cpe:/a:redhat:openshift_data_foundation:4.15::el9	RHSA-2025:0164	2025-01-09T00:00:00Z
odf4/odf-multicluster-console-rhel9:v4.15.9-1	cpe:/a:redhat:openshift_data_foundation:4.15::el9	RHSA-2025:0164	2025-01-09T00:00:00Z
RHODF-4.16-RHEL-9
odf4/mcg-core-rhel9:v4.16.3-1	cpe:/a:redhat:openshift_data_foundation:4.16::el9	RHSA-2024:8113	2024-10-15T00:00:00Z
odf4/ocs-client-console-rhel9:v4.16.5-2	cpe:/a:redhat:openshift_data_foundation:4.16::el9	RHSA-2025:0082	2025-01-08T00:00:00Z
odf4/odf-console-rhel9:v4.16.5-2	cpe:/a:redhat:openshift_data_foundation:4.16::el9	RHSA-2025:0082	2025-01-08T00:00:00Z
odf4/odf-multicluster-console-rhel9:v4.16.5-2	cpe:/a:redhat:openshift_data_foundation:4.16::el9	RHSA-2025:0082	2025-01-08T00:00:00Z
RHODF-4.17-RHEL-9
odf4/mcg-core-rhel9:v4.17.0-69	cpe:/a:redhat:openshift_data_foundation:4.17::el9	RHSA-2024:8676	2024-10-30T00:00:00Z
odf4/odf-console-rhel9:v4.17.0-53	cpe:/a:redhat:openshift_data_foundation:4.17::el9	RHSA-2024:8676	2024-10-30T00:00:00Z
odf4/ocs-client-console-rhel9:v4.17.2-1	cpe:/a:redhat:openshift_data_foundation:4.17::el9	RHSA-2025:0079	2025-01-08T00:00:00Z
odf4/odf-multicluster-console-rhel9:v4.17.2-1	cpe:/a:redhat:openshift_data_foundation:4.17::el9	RHSA-2025:0079	2025-01-08T00:00:00Z
RHOSS-1.34-RHEL-8
openshift-serverless-1/logic-data-index-ephemeral-rhel8:1.34.0-6	cpe:/a:redhat:openshift_serverless:1.34::el8	RHSA-2024:8023	2024-10-14T00:00:00Z
openshift-serverless-1/logic-data-index-postgresql-rhel8:1.34.0-6	cpe:/a:redhat:openshift_serverless:1.34::el8	RHSA-2024:8023	2024-10-14T00:00:00Z
openshift-serverless-1/logic-jobs-service-ephemeral-rhel8:1.34.0-5	cpe:/a:redhat:openshift_serverless:1.34::el8	RHSA-2024:8023	2024-10-14T00:00:00Z
openshift-serverless-1/logic-jobs-service-postgresql-rhel8:1.34.0-6	cpe:/a:redhat:openshift_serverless:1.34::el8	RHSA-2024:8023	2024-10-14T00:00:00Z
openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8:1.34.0-2	cpe:/a:redhat:openshift_serverless:1.34::el8	RHSA-2024:8023	2024-10-14T00:00:00Z
openshift-serverless-1/logic-management-console-rhel8:1.34.0-5	cpe:/a:redhat:openshift_serverless:1.34::el8	RHSA-2024:8023	2024-10-14T00:00:00Z
openshift-serverless-1/logic-operator-bundle:1.34.0-5	cpe:/a:redhat:openshift_serverless:1.34::el8	RHSA-2024:8023	2024-10-14T00:00:00Z
openshift-serverless-1/logic-rhel8-operator:1.34.0-5	cpe:/a:redhat:openshift_serverless:1.34::el8	RHSA-2024:8023	2024-10-14T00:00:00Z
openshift-serverless-1/logic-swf-builder-rhel8:1.34.0-6	cpe:/a:redhat:openshift_serverless:1.34::el8	RHSA-2024:8023	2024-10-14T00:00:00Z
openshift-serverless-1/logic-swf-devmode-rhel8:1.34.0-6	cpe:/a:redhat:openshift_serverless:1.34::el8	RHSA-2024:8023	2024-10-14T00:00:00Z
Red Hat OpenShift distributed tracing 3.4
registry.redhat.io/rhosdt/jaeger-query-rhel8:sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994	cpe:/a:redhat:openshift_distributed_tracing:3.4::el8	RHSA-2024:10917	2024-12-10T00:00:00Z
registry.redhat.io/rhosdt/jaeger-query-rhel8:sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab	cpe:/a:redhat:openshift_distributed_tracing:3.4::el8	RHSA-2024:10962	2024-12-11T00:00:00Z

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2024-2771	serve-static serves static files. serve-static passes untrusted user input - even after sanitizing it - to redirect() may execute untrusted code. This issue is patched in serve-static 1.16.0.
Github GHSA	GHSA-cm22-4g7w-348p	serve-static vulnerable to template injection that can lead to XSS

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b
https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa
https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p
https://nvd.nist.gov/vuln/detail/CVE-2024-43800
https://www.cve.org/CVERecord?id=CVE-2024-43800

History

Wed, 16 Jul 2025 22:45:00 +0900

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00056}`	epss `{'score': 0.00061}`

Thu, 13 Feb 2025 09:45:00 +0900

Type	Values Removed	Values Added
First Time appeared		Redhat discovery Redhat openshift
CPEs		cpe:/a:redhat:openshift:4.17::el9 cpe:/a:redhat:openshift_data_foundation:4.14::el9 cpe:/a:redhat:openshift_data_foundation:4.15::el9 cpe:/o:redhat:discovery:1.0::el9
Vendors & Products		Redhat discovery Redhat openshift

Fri, 13 Dec 2024 11:30:00 +0900

Type	Values Removed	Values Added
First Time appeared		Redhat rhboac Hawtio
CPEs		cpe:/a:redhat:rhboac_hawtio:4.0.0
Vendors & Products		Redhat rhboac Hawtio

Thu, 12 Dec 2024 11:30:00 +0900

Type	Values Removed	Values Added
First Time appeared		Redhat openshift Distributed Tracing
CPEs		cpe:/a:redhat:openshift_distributed_tracing:3.4::el8
Vendors & Products		Redhat openshift Distributed Tracing

Wed, 11 Dec 2024 00:00:00 +0900

Type	Values Removed	Values Added
First Time appeared		Redhat rhmt
CPEs		cpe:/a:redhat:rhmt:1.8::el8
Vendors & Products		Redhat rhmt

Thu, 31 Oct 2024 11:30:00 +0900

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:openshift_data_foundation:4.17::el9 cpe:/a:redhat:openshift_gitops:1.12::el8 cpe:/a:redhat:openshift_gitops:1.12::el9

Wed, 30 Oct 2024 11:30:00 +0900

Type	Values Removed	Values Added
First Time appeared		Redhat openshift Gitops
CPEs		cpe:/a:redhat:openshift_gitops:1.13::el8
Vendors & Products		Redhat openshift Gitops

Tue, 22 Oct 2024 23:45:00 +0900

Type	Values Removed	Values Added
First Time appeared		Redhat network Observ Optr
CPEs		cpe:/a:redhat:network_observ_optr:1.7.0::el9
Vendors & Products		Redhat network Observ Optr

Wed, 16 Oct 2024 11:30:00 +0900

Type	Values Removed	Values Added
First Time appeared		Redhat openshift Data Foundation
CPEs		cpe:/a:redhat:openshift_data_foundation:4.16::el9
Vendors & Products		Redhat openshift Data Foundation

Tue, 15 Oct 2024 11:30:00 +0900

Type	Values Removed	Values Added
First Time appeared		Redhat openshift Serverless
CPEs		cpe:/a:redhat:openshift_serverless:1.34::el8
Vendors & Products		Redhat openshift Serverless

Tue, 08 Oct 2024 11:30:00 +0900

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat service Mesh
CPEs		cpe:/a:redhat:service_mesh:2.4::el8 cpe:/a:redhat:service_mesh:2.5::el8 cpe:/a:redhat:service_mesh:2.6::el8 cpe:/a:redhat:service_mesh:2.6::el9
Vendors & Products		Redhat Redhat service Mesh

Sat, 21 Sep 2024 03:00:00 +0900

Type	Values Removed	Values Added
First Time appeared		Openjsf Openjsf serve-static
CPEs		cpe:2.3:a:openjsf:serve-static::::::node.js::*
Vendors & Products		Openjsf Openjsf serve-static

Wed, 11 Sep 2024 06:30:00 +0900

Type	Values Removed	Values Added
References		https://nvd.nist.gov/vuln/detail/CVE-2024-43800 https://www.cve.org/CVERecord?id=CVE-2024-43800
Metrics	threat_severity `None`	threat_severity `Moderate`

Wed, 11 Sep 2024 04:30:00 +0900

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 11 Sep 2024 00:00:00 +0900

Type	Values Removed	Values Added
Description		serve-static serves static files. serve-static passes untrusted user input - even after sanitizing it - to redirect() may execute untrusted code. This issue is patched in serve-static 1.16.0.
Title		serve-static affected by template injection that can lead to XSS
Weaknesses		CWE-79
References		https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p
Metrics		cvssV3_1 `{'score': 5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-09-10T14:50:06.043Z

Updated: 2024-09-10T19:08:02.494Z

Reserved: 2024-08-16T14:20:37.326Z

Link: CVE-2024-43800

Vulnrichment

Updated: 2024-09-10T19:07:58.208Z

NVD

Status : Analyzed

Published: 2024-09-10T15:15:17.937

Modified: 2024-09-20T17:36:30.313

Link: CVE-2024-43800

Redhat

Severity : Moderate

Publid Date: 2024-09-10T15:15:17Z

Links: CVE-2024-43800 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-79

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object