org.webjars.npm:express@3.4.8 vulnerabilities
-
latest version
4.18.1
-
first published
9 years ago
-
latest version published
a year ago
-
licenses detected
- [2.5.0,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the org.webjars.npm:express package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
org.webjars.npm:express is a WebJar for express. Affected versions of this package are vulnerable to Open Redirect due to the implementation of URL encoding using How to fix Open Redirect? A fix was pushed into the |
[0,)
|
Affected versions of this package do not enforce the user's browser to set a specific charset in the content-type header while displaying 400 level response messages. This could be used by remote attackers to perform a cross-site scripting attack, by using non-standard encodings like UTF-7. |
[,3.11.0)
[4.0.0,4.5.0)
|