CVE-2024-43800 - Vulnerability Details

- serve-static affected by template injection that can lead to XSS

Description

serve-static serves static files. serve-static passes untrusted user input - even after sanitizing it - to redirect() may execute untrusted code. This issue is patched in serve-static 1.16.0.

Published: 2024-09-10

Score: 5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

expressjs

serve-static

affected

Version	Status	Constraints
`< 1.16.0`	affected	—
`>= 2.0.0, < 2.1.0`	affected	—

Configuration 1 [-]

OR	cpe:2.3:a:openjsf:serve-static::::::node.js::*
	cpe:2.3:a:openjsf:serve-static::::::node.js::*

Package	CPE	Advisory	Released Date
Discovery 1 for RHEL 9
discovery/discovery-server-rhel9:1.12.0-1	cpe:/o:redhat:discovery:1.0::el9	RHSA-2025:1249	2025-02-10T00:00:00Z
discovery/discovery-ui-rhel9:1.12.0-1	cpe:/o:redhat:discovery:1.0::el9	RHSA-2025:1249	2025-02-10T00:00:00Z
HawtIO 4.0.0 for Red Hat build of Apache Camel 4
serve-static	cpe:/a:redhat:rhboac_hawtio:4.0.0	RHSA-2024:11023	2024-12-12T00:00:00Z
NETWORK-OBSERVABILITY-1.7.0-RHEL-9
network-observability/network-observability-cli-rhel9:v1.7.0-67	cpe:/a:redhat:network_observ_optr:1.7.0::el9	RHSA-2024:8014	2024-10-22T00:00:00Z
network-observability/network-observability-console-plugin-rhel9:v1.7.0-67	cpe:/a:redhat:network_observ_optr:1.7.0::el9	RHSA-2024:8014	2024-10-22T00:00:00Z
network-observability/network-observability-ebpf-agent-rhel9:v1.7.0-67	cpe:/a:redhat:network_observ_optr:1.7.0::el9	RHSA-2024:8014	2024-10-22T00:00:00Z
network-observability/network-observability-flowlogs-pipeline-rhel9:v1.7.0-67	cpe:/a:redhat:network_observ_optr:1.7.0::el9	RHSA-2024:8014	2024-10-22T00:00:00Z
network-observability/network-observability-operator-bundle:1.7.0-86	cpe:/a:redhat:network_observ_optr:1.7.0::el9	RHSA-2024:8014	2024-10-22T00:00:00Z
network-observability/network-observability-rhel9-operator:v1.7.0-67	cpe:/a:redhat:network_observ_optr:1.7.0::el9	RHSA-2024:8014	2024-10-22T00:00:00Z
Red Hat Migration Toolkit for Containers 1.8
rhmtc/openshift-migration-ui-rhel8:v1.8.5-7	cpe:/a:redhat:rhmt:1.8::el8	RHSA-2024:10906	2024-12-10T00:00:00Z
Red Hat OpenShift Container Platform 4.17
openshift4/nmstate-console-plugin-rhel9:v4.17.0-202501301204.p0.gcffdc60.assembly.stream.el9	cpe:/a:redhat:openshift:4.17::el9	RHSA-2025:0875	2025-02-05T00:00:00Z
Red Hat OpenShift GitOps 1.12
openshift-gitops-1/argocd-rhel8:v1.12.6-2	cpe:/a:redhat:openshift_gitops:1.12::el8	RHSA-2024:8677	2024-10-30T00:00:00Z
openshift-gitops-1/argo-rollouts-rhel8:v1.12.6-2	cpe:/a:redhat:openshift_gitops:1.12::el8	RHSA-2024:8677	2024-10-30T00:00:00Z
openshift-gitops-1/console-plugin-rhel8:v1.12.6-2	cpe:/a:redhat:openshift_gitops:1.12::el8	RHSA-2024:8677	2024-10-30T00:00:00Z
openshift-gitops-1/dex-rhel8:v1.12.6-2	cpe:/a:redhat:openshift_gitops:1.12::el8	RHSA-2024:8677	2024-10-30T00:00:00Z
openshift-gitops-1/gitops-operator-bundle:v1.12.6-2	cpe:/a:redhat:openshift_gitops:1.12::el8	RHSA-2024:8677	2024-10-30T00:00:00Z
openshift-gitops-1/gitops-rhel8:v1.12.6-2	cpe:/a:redhat:openshift_gitops:1.12::el8	RHSA-2024:8677	2024-10-30T00:00:00Z
openshift-gitops-1/gitops-rhel8-operator:v1.12.6-2	cpe:/a:redhat:openshift_gitops:1.12::el8	RHSA-2024:8677	2024-10-30T00:00:00Z
openshift-gitops-1/kam-delivery-rhel8:v1.12.6-2	cpe:/a:redhat:openshift_gitops:1.12::el8	RHSA-2024:8677	2024-10-30T00:00:00Z
openshift-gitops-1/must-gather-rhel8:v1.12.6-2	cpe:/a:redhat:openshift_gitops:1.12::el8	RHSA-2024:8677	2024-10-30T00:00:00Z
Red Hat OpenShift GitOps 1.12 - RHEL 9
openshift-gitops-argocd-rhel9-container-v1.12.6-1	cpe:/a:redhat:openshift_gitops:1.12::el9	RHSA-2024:8677	2024-10-30T00:00:00Z
Red Hat OpenShift GitOps 1.13
openshift-gitops-1/argocd-rhel8:v1.13.2-4	cpe:/a:redhat:openshift_gitops:1.13::el8	RHSA-2024:8581	2024-10-29T00:00:00Z
openshift-gitops-1/argo-rollouts-rhel8:v1.13.2-4	cpe:/a:redhat:openshift_gitops:1.13::el8	RHSA-2024:8581	2024-10-29T00:00:00Z
openshift-gitops-1/console-plugin-rhel8:v1.13.2-4	cpe:/a:redhat:openshift_gitops:1.13::el8	RHSA-2024:8581	2024-10-29T00:00:00Z
openshift-gitops-1/dex-rhel8:v1.13.2-4	cpe:/a:redhat:openshift_gitops:1.13::el8	RHSA-2024:8581	2024-10-29T00:00:00Z
openshift-gitops-1/gitops-operator-bundle:v1.13.2-4	cpe:/a:redhat:openshift_gitops:1.13::el8	RHSA-2024:8581	2024-10-29T00:00:00Z
openshift-gitops-1/gitops-rhel8:v1.13.2-4	cpe:/a:redhat:openshift_gitops:1.13::el8	RHSA-2024:8581	2024-10-29T00:00:00Z
openshift-gitops-1/gitops-rhel8-operator:v1.13.2-4	cpe:/a:redhat:openshift_gitops:1.13::el8	RHSA-2024:8581	2024-10-29T00:00:00Z
openshift-gitops-1/kam-delivery-rhel8:v1.13.2-4	cpe:/a:redhat:openshift_gitops:1.13::el8	RHSA-2024:8581	2024-10-29T00:00:00Z
openshift-gitops-1/must-gather-rhel8:v1.13.2-4	cpe:/a:redhat:openshift_gitops:1.13::el8	RHSA-2024:8581	2024-10-29T00:00:00Z
openshift-gitops-argocd-rhel9-container-v1.13.2-5	cpe:/a:redhat:openshift_gitops:1.13::el8	RHSA-2024:8581	2024-10-29T00:00:00Z
Red Hat OpenShift Service Mesh 2.4 for RHEL 8
openshift-service-mesh/grafana-rhel8:2.4.11-2	cpe:/a:redhat:service_mesh:2.4::el8	RHSA-2024:7724	2024-10-07T00:00:00Z
openshift-service-mesh/istio-cni-rhel8:2.4.11-2	cpe:/a:redhat:service_mesh:2.4::el8	RHSA-2024:7724	2024-10-07T00:00:00Z
openshift-service-mesh/istio-must-gather-rhel8:2.4.11-3	cpe:/a:redhat:service_mesh:2.4::el8	RHSA-2024:7724	2024-10-07T00:00:00Z
openshift-service-mesh/kiali-rhel8:1.65.16-4	cpe:/a:redhat:service_mesh:2.4::el8	RHSA-2024:7724	2024-10-07T00:00:00Z
openshift-service-mesh/pilot-rhel8:2.4.11-2	cpe:/a:redhat:service_mesh:2.4::el8	RHSA-2024:7724	2024-10-07T00:00:00Z
openshift-service-mesh/proxyv2-rhel8:2.4.11-5	cpe:/a:redhat:service_mesh:2.4::el8	RHSA-2024:7724	2024-10-07T00:00:00Z
openshift-service-mesh/ratelimit-rhel8:2.4.11-2	cpe:/a:redhat:service_mesh:2.4::el8	RHSA-2024:7724	2024-10-07T00:00:00Z
Red Hat OpenShift Service Mesh 2.5 for RHEL 8
openshift-service-mesh/grafana-rhel8:2.5.5-3	cpe:/a:redhat:service_mesh:2.5::el8	RHSA-2024:7725	2024-10-07T00:00:00Z
openshift-service-mesh/istio-cni-rhel8:2.5.5-4	cpe:/a:redhat:service_mesh:2.5::el8	RHSA-2024:7725	2024-10-07T00:00:00Z
openshift-service-mesh/istio-must-gather-rhel8:2.5.5-4	cpe:/a:redhat:service_mesh:2.5::el8	RHSA-2024:7725	2024-10-07T00:00:00Z
openshift-service-mesh/kiali-ossmc-rhel8:1.73.14-3	cpe:/a:redhat:service_mesh:2.5::el8	RHSA-2024:7725	2024-10-07T00:00:00Z
openshift-service-mesh/kiali-rhel8:1.73.15-3	cpe:/a:redhat:service_mesh:2.5::el8	RHSA-2024:7725	2024-10-07T00:00:00Z
openshift-service-mesh/pilot-rhel8:2.5.5-4	cpe:/a:redhat:service_mesh:2.5::el8	RHSA-2024:7725	2024-10-07T00:00:00Z
openshift-service-mesh/proxyv2-rhel8:2.5.5-6	cpe:/a:redhat:service_mesh:2.5::el8	RHSA-2024:7725	2024-10-07T00:00:00Z
openshift-service-mesh/ratelimit-rhel8:2.5.5-3	cpe:/a:redhat:service_mesh:2.5::el8	RHSA-2024:7725	2024-10-07T00:00:00Z
Red Hat OpenShift Service Mesh 2.6 for RHEL 8
openshift-service-mesh/grafana-rhel8:2.6.2-3	cpe:/a:redhat:service_mesh:2.6::el8	RHSA-2024:7726	2024-10-07T00:00:00Z
openshift-service-mesh/istio-cni-rhel8:2.6.2-5	cpe:/a:redhat:service_mesh:2.6::el8	RHSA-2024:7726	2024-10-07T00:00:00Z
openshift-service-mesh/istio-must-gather-rhel8:2.6.2-4	cpe:/a:redhat:service_mesh:2.6::el8	RHSA-2024:7726	2024-10-07T00:00:00Z
openshift-service-mesh/istio-rhel8-operator:2.6.2-5	cpe:/a:redhat:service_mesh:2.6::el8	RHSA-2024:7726	2024-10-07T00:00:00Z
openshift-service-mesh/kiali-ossmc-rhel8:1.89.2-3	cpe:/a:redhat:service_mesh:2.6::el8	RHSA-2024:7726	2024-10-07T00:00:00Z
openshift-service-mesh/kiali-rhel8:1.89.4-3	cpe:/a:redhat:service_mesh:2.6::el8	RHSA-2024:7726	2024-10-07T00:00:00Z
openshift-service-mesh/kiali-rhel8-operator:1.89.6-1	cpe:/a:redhat:service_mesh:2.6::el8	RHSA-2024:7726	2024-10-07T00:00:00Z
openshift-service-mesh/pilot-rhel8:2.6.2-5	cpe:/a:redhat:service_mesh:2.6::el8	RHSA-2024:7726	2024-10-07T00:00:00Z
openshift-service-mesh/ratelimit-rhel8:2.6.2-3	cpe:/a:redhat:service_mesh:2.6::el8	RHSA-2024:7726	2024-10-07T00:00:00Z
Red Hat OpenShift Service Mesh 2.6 for RHEL 9
openshift-service-mesh/proxyv2-rhel9:2.6.2-7	cpe:/a:redhat:service_mesh:2.6::el9	RHSA-2024:7726	2024-10-07T00:00:00Z
RHODF-4.14-RHEL-9
odf4/ocs-client-console-rhel9:v4.14.13-3	cpe:/a:redhat:openshift_data_foundation:4.14::el9	RHSA-2025:0323	2025-01-15T00:00:00Z
odf4/odf-console-rhel9:v4.14.13-3	cpe:/a:redhat:openshift_data_foundation:4.14::el9	RHSA-2025:0323	2025-01-15T00:00:00Z
odf4/odf-multicluster-console-rhel9:v4.14.13-3	cpe:/a:redhat:openshift_data_foundation:4.14::el9	RHSA-2025:0323	2025-01-15T00:00:00Z
RHODF-4.15-RHEL-9
odf4/ocs-client-console-rhel9:v4.15.9-1	cpe:/a:redhat:openshift_data_foundation:4.15::el9	RHSA-2025:0164	2025-01-09T00:00:00Z
odf4/odf-console-rhel9:v4.15.9-1	cpe:/a:redhat:openshift_data_foundation:4.15::el9	RHSA-2025:0164	2025-01-09T00:00:00Z
odf4/odf-multicluster-console-rhel9:v4.15.9-1	cpe:/a:redhat:openshift_data_foundation:4.15::el9	RHSA-2025:0164	2025-01-09T00:00:00Z
RHODF-4.16-RHEL-9
odf4/mcg-core-rhel9:v4.16.3-1	cpe:/a:redhat:openshift_data_foundation:4.16::el9	RHSA-2024:8113	2024-10-15T00:00:00Z
odf4/ocs-client-console-rhel9:v4.16.5-2	cpe:/a:redhat:openshift_data_foundation:4.16::el9	RHSA-2025:0082	2025-01-08T00:00:00Z
odf4/odf-console-rhel9:v4.16.5-2	cpe:/a:redhat:openshift_data_foundation:4.16::el9	RHSA-2025:0082	2025-01-08T00:00:00Z
odf4/odf-multicluster-console-rhel9:v4.16.5-2	cpe:/a:redhat:openshift_data_foundation:4.16::el9	RHSA-2025:0082	2025-01-08T00:00:00Z
RHODF-4.17-RHEL-9
odf4/mcg-core-rhel9:v4.17.0-69	cpe:/a:redhat:openshift_data_foundation:4.17::el9	RHSA-2024:8676	2024-10-30T00:00:00Z
odf4/odf-console-rhel9:v4.17.0-53	cpe:/a:redhat:openshift_data_foundation:4.17::el9	RHSA-2024:8676	2024-10-30T00:00:00Z
odf4/ocs-client-console-rhel9:v4.17.2-1	cpe:/a:redhat:openshift_data_foundation:4.17::el9	RHSA-2025:0079	2025-01-08T00:00:00Z
odf4/odf-multicluster-console-rhel9:v4.17.2-1	cpe:/a:redhat:openshift_data_foundation:4.17::el9	RHSA-2025:0079	2025-01-08T00:00:00Z
RHOSS-1.34-RHEL-8
openshift-serverless-1/logic-data-index-ephemeral-rhel8:1.34.0-6	cpe:/a:redhat:openshift_serverless:1.34::el8	RHSA-2024:8023	2024-10-14T00:00:00Z
openshift-serverless-1/logic-data-index-postgresql-rhel8:1.34.0-6	cpe:/a:redhat:openshift_serverless:1.34::el8	RHSA-2024:8023	2024-10-14T00:00:00Z
openshift-serverless-1/logic-jobs-service-ephemeral-rhel8:1.34.0-5	cpe:/a:redhat:openshift_serverless:1.34::el8	RHSA-2024:8023	2024-10-14T00:00:00Z
openshift-serverless-1/logic-jobs-service-postgresql-rhel8:1.34.0-6	cpe:/a:redhat:openshift_serverless:1.34::el8	RHSA-2024:8023	2024-10-14T00:00:00Z
openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8:1.34.0-2	cpe:/a:redhat:openshift_serverless:1.34::el8	RHSA-2024:8023	2024-10-14T00:00:00Z
openshift-serverless-1/logic-management-console-rhel8:1.34.0-5	cpe:/a:redhat:openshift_serverless:1.34::el8	RHSA-2024:8023	2024-10-14T00:00:00Z
openshift-serverless-1/logic-operator-bundle:1.34.0-5	cpe:/a:redhat:openshift_serverless:1.34::el8	RHSA-2024:8023	2024-10-14T00:00:00Z
openshift-serverless-1/logic-rhel8-operator:1.34.0-5	cpe:/a:redhat:openshift_serverless:1.34::el8	RHSA-2024:8023	2024-10-14T00:00:00Z
openshift-serverless-1/logic-swf-builder-rhel8:1.34.0-6	cpe:/a:redhat:openshift_serverless:1.34::el8	RHSA-2024:8023	2024-10-14T00:00:00Z
openshift-serverless-1/logic-swf-devmode-rhel8:1.34.0-6	cpe:/a:redhat:openshift_serverless:1.34::el8	RHSA-2024:8023	2024-10-14T00:00:00Z
Red Hat OpenShift distributed tracing 3.4
registry.redhat.io/rhosdt/jaeger-query-rhel8:sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994	cpe:/a:redhat:openshift_distributed_tracing:3.4::el8	RHSA-2024:10917	2024-12-10T00:00:00Z
registry.redhat.io/rhosdt/jaeger-query-rhel8:sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab	cpe:/a:redhat:openshift_distributed_tracing:3.4::el8	RHSA-2024:10962	2024-12-11T00:00:00Z

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2024-2771	serve-static serves static files. serve-static passes untrusted user input - even after sanitizing it - to redirect() may execute untrusted code. This issue is patched in serve-static 1.16.0.
Github GHSA	GHSA-cm22-4g7w-348p	serve-static vulnerable to template injection that can lead to XSS

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00919.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b
https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa
https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p
https://nvd.nist.gov/vuln/detail/CVE-2024-43800
https://www.cve.org/CVERecord?id=CVE-2024-43800

History

Wed, 16 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00056}`	epss `{'score': 0.00061}`

Thu, 13 Feb 2025 00:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat discovery Redhat openshift
CPEs		cpe:/a:redhat:openshift:4.17::el9 cpe:/a:redhat:openshift_data_foundation:4.14::el9 cpe:/a:redhat:openshift_data_foundation:4.15::el9 cpe:/o:redhat:discovery:1.0::el9
Vendors & Products		Redhat discovery Redhat openshift

Fri, 13 Dec 2024 02:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhboac Hawtio
CPEs		cpe:/a:redhat:rhboac_hawtio:4.0.0
Vendors & Products		Redhat rhboac Hawtio

Thu, 12 Dec 2024 02:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat openshift Distributed Tracing
CPEs		cpe:/a:redhat:openshift_distributed_tracing:3.4::el8
Vendors & Products		Redhat openshift Distributed Tracing

Tue, 10 Dec 2024 15:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhmt
CPEs		cpe:/a:redhat:rhmt:1.8::el8
Vendors & Products		Redhat rhmt

Thu, 31 Oct 2024 02:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:openshift_data_foundation:4.17::el9 cpe:/a:redhat:openshift_gitops:1.12::el8 cpe:/a:redhat:openshift_gitops:1.12::el9

Wed, 30 Oct 2024 02:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat openshift Gitops
CPEs		cpe:/a:redhat:openshift_gitops:1.13::el8
Vendors & Products		Redhat openshift Gitops

Tue, 22 Oct 2024 14:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat network Observ Optr
CPEs		cpe:/a:redhat:network_observ_optr:1.7.0::el9
Vendors & Products		Redhat network Observ Optr

Wed, 16 Oct 2024 02:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat openshift Data Foundation
CPEs		cpe:/a:redhat:openshift_data_foundation:4.16::el9
Vendors & Products		Redhat openshift Data Foundation

Tue, 15 Oct 2024 02:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat openshift Serverless
CPEs		cpe:/a:redhat:openshift_serverless:1.34::el8
Vendors & Products		Redhat openshift Serverless

Tue, 08 Oct 2024 02:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat service Mesh
CPEs		cpe:/a:redhat:service_mesh:2.4::el8 cpe:/a:redhat:service_mesh:2.5::el8 cpe:/a:redhat:service_mesh:2.6::el8 cpe:/a:redhat:service_mesh:2.6::el9
Vendors & Products		Redhat Redhat service Mesh

Fri, 20 Sep 2024 18:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Openjsf Openjsf serve-static
CPEs		cpe:2.3:a:openjsf:serve-static::::::node.js::*
Vendors & Products		Openjsf Openjsf serve-static

Tue, 10 Sep 2024 21:30:00 +0000

Type	Values Removed	Values Added
References		https://nvd.nist.gov/vuln/detail/CVE-2024-43800 https://www.cve.org/CVERecord?id=CVE-2024-43800
Metrics	threat_severity `None`	threat_severity `Moderate`

Tue, 10 Sep 2024 19:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 10 Sep 2024 15:00:00 +0000

Type	Values Removed	Values Added
Description		serve-static serves static files. serve-static passes untrusted user input - even after sanitizing it - to redirect() may execute untrusted code. This issue is patched in serve-static 1.16.0.
Title		serve-static affected by template injection that can lead to XSS
Weaknesses		CWE-79
References		https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p
Metrics		cvssV3_1 `{'score': 5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L'}`

Subscriptions

Openjsf Serve-static

Redhat Discovery Network Observ Optr Openshift Openshift Data Foundation Openshift Distributed Tracing Openshift Gitops Openshift Serverless Rhboac Hawtio Rhmt Service Mesh

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-09-10T14:50:06.043Z

Updated: 2024-09-10T19:08:02.494Z

Reserved: 2024-08-16T14:20:37.326Z

Link: CVE-2024-43800

Vulnrichment

Updated: 2024-09-10T19:07:58.208Z

NVD

Status : Analyzed

Published: 2024-09-10T15:15:17.937

Modified: 2024-09-20T17:36:30.313

Link: CVE-2024-43800

Redhat

Severity : Moderate

Publid Date: 2024-09-10T15:15:17Z

Links: CVE-2024-43800 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-79

Tracking

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object