VandelaySecurity / NodeGoat

Apache License 2.0

[šŸø Frogbot] Update version of express to 4.20.0 #56

Open github-actions[bot] opened 2 months ago

github-actions[bot] commented 2 months ago
[![🚨 This automated pull request was created by Frogbot and fixes the below:](https://raw.githubusercontent.com/jfrog/frogbot/master/resources/v2/vulnerabilitiesFixBannerPR.png)](https://docs.jfrog-applications.jfrog.io/jfrog-applications/frogbot)

📦 Vulnerable Dependencies

āœļø Summary

| SEVERITY | CONTEXTUAL ANALYSIS | DIRECT DEPENDENCIES | IMPACTED DEPENDENCY | FIXED VERSIONS | CVES |
| :---: | :---: | :---: | :---: | :---: | :---: |
| ![](https://raw.githubusercontent.com/jfrog/frogbot/master/resources/v2/applicableMediumSeverity.png) Medium | Not Covered | express:4.16.4 | express 4.16.4 | [4.20.0]<br>[5.0.0] | CVE-2024-43796 |

🔬 Research Details

Description: Express.js minimalist web framework for node. In express < 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect() may execute untrusted code. This issue is patched in express 4.20.0.


[šŸø JFrog Frogbot](https://docs.jfrog-applications.jfrog.io/jfrog-applications/frogbot)
sonarcloud[bot] commented 2 months ago

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud