4.21.1
13 years ago
1 months ago
Known vulnerabilities in the express package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for freeVulnerability | Vulnerable Version |
---|---|
express is a minimalist web framework. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') through the How to fix Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')? Upgrade | <4.0.0-rc1 |
express is a minimalist web framework. Affected versions of this package are vulnerable to Open Redirect via the Notes:
How to fix Open Redirect? Upgrade | >=3.4.5 <4.0.0 |
express is a minimalist web framework. Affected versions of this package are vulnerable to Cross-site Scripting due to improper handling of user input in the Note To exploit this vulnerability, the following conditions are required:
How to fix Cross-site Scripting? Upgrade | <4.20.0>=5.0.0-alpha.1 <5.0.0 |
express is a minimalist web framework. Affected versions of this package are vulnerable to Open Redirect due to the implementation of URL encoding using How to fix Open Redirect? Upgrade | <4.19.2>=5.0.0-alpha.1 <5.0.0-beta.3 |
Affected versions of this package do not enforce the user's browser to set a specific charset in the content-type header while displaying 400 level response messages. This could be used by remote attackers to perform a cross-site scripting attack, by using non-standard encodings like UTF-7. | <3.11.0>=4.0.0 <4.5.0 |