Improve GHSA-cm5g-3pgc-8rg4

github · Nov 20, 2024 · 78de28d · 78de28d
1 parent 8fc5c10
commit 78de28d
Showing 1 changed file with 21 additions and 2 deletions.
diff --git a/advisories/unreviewed/2024/10/GHSA-cm5g-3pgc-8rg4/GHSA-cm5g-3pgc-8rg4.json b/advisories/unreviewed/2024/10/GHSA-cm5g-3pgc-8rg4/GHSA-cm5g-3pgc-8rg4.json
@@ -1,11 +1,12 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-cm5g-3pgc-8rg4",
-  "modified": "2024-11-07T00:30:36Z",
+  "modified": "2024-10-29T18:30:42Z",
   "published": "2024-10-29T18:30:37Z",
   "aliases": [
     "CVE-2024-10491"
   ],
+  "summary": "Express ressource injection",
   "details": "A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link header when unsanitized data is used.\n\nThe issue arises from improper sanitization in `Link` header values, which can allow a combination of characters like `,`, `;`, and `<>` to preload malicious resources.\n\nThis vulnerability is especially relevant for dynamic parameters.",
   "severity": [
     {
@@ -14,7 +15,25 @@
     }
   ],
   "affected": [
-
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "express"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "last_affected": "3.21.4"
+            }
+          ]
+        }
+      ]
+    }
   ],
   "references": [
     {