CVE-2024-51999 - Vulnerability Details

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error and is not a valid vulnerability. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Expressjs Subscribe	Express Subscribe

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Expressjs Subscribe	Express Subscribe

Advisories

Source	ID	Title
Github GHSA	GHSA-pj86-cfqh-vqx6	Withdrawn Advisory: express improperly controls modification of query properties

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

No reference.

History

Wed, 03 Dec 2025 18:15:00 +0900

Type	Values Removed	Values Added
Title	express improperly controls modification of query properties
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 03 Dec 2025 06:15:00 +0900

Type	Values Removed	Values Added
Title		express improperly controls modification of query properties
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 03 Dec 2025 01:15:00 +0900

Type	Values Removed	Values Added
Title	express improperly controls modification of query properties
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 03 Dec 2025 00:30:00 +0900

Type	Values Removed	Values Added
Weaknesses	CWE-915
References	https://github.com/expressjs/express/commit/2f64f68c37c64ae333e41ff38032d21860f22255 https://github.com/expressjs/express/releases/tag/4.22.0 https://github.com/expressjs/express/releases/tag/v5.2.0 https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6
Metrics	cvssV4_0 `{'score': 2.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X'}`

Wed, 03 Dec 2025 00:15:00 +0900

Type	Values Removed	Values Added
Description	Express.js minimalist web framework for node. Prior to 5.2.0 and 4.22.0, when using the extended query parser in express ('query parser': 'extended'), the request.query object inherits all object prototype properties, but these properties can be overwritten by query string parameter keys that match the property names. This vulnerability is fixed in 5.2.0 and 4.22.0.	REJECT DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error and is not a valid vulnerability. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.
Metrics	cvssV4_0 `{'score': 2.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U'}`	cvssV4_0 `{'score': 2.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X'}`

Tue, 02 Dec 2025 21:30:00 +0900

Type	Values Removed	Values Added
First Time appeared		Expressjs Expressjs express
Vendors & Products		Expressjs Expressjs express

Tue, 02 Dec 2025 06:15:00 +0900

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 02 Dec 2025 05:30:00 +0900

Type	Values Removed	Values Added
Description		Express.js minimalist web framework for node. Prior to 5.2.0 and 4.22.0, when using the extended query parser in express ('query parser': 'extended'), the request.query object inherits all object prototype properties, but these properties can be overwritten by query string parameter keys that match the property names. This vulnerability is fixed in 5.2.0 and 4.22.0.
Title		express improperly controls modification of query properties
Weaknesses		CWE-915
References		https://github.com/expressjs/express/commit/2f64f68c37c64ae333e41ff38032d21860f22255 https://github.com/expressjs/express/releases/tag/4.22.0 https://github.com/expressjs/express/releases/tag/v5.2.0 https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6
Metrics		cvssV4_0 `{'score': 2.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U'}`

Projects

Sign in to view the affected projects.

MITRE

Status: REJECTED

Assigner: GitHub_M

Published: 2025-12-01T20:17:53.641Z

Updated: 2025-12-02T15:01:15.735Z

Reserved: 2024-11-04T17:46:16.778Z

Link: CVE-2024-51999

Vulnrichment

Updated:

NVD

Status : Rejected

Published: 2025-12-01T21:15:49.100

Modified: 2025-12-02T15:15:48.063

Link: CVE-2024-51999

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-12-02T20:58:48Z

Weaknesses

No weakness.

Metrics

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object