| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| send | npm | < 0.19.0 | 0.19.0 |

The vulnerability description directly implicates `SendStream.redirect()` as the function where untrusted input can lead to code execution, and the provided commit patch modifies this exact function. Specifically, it changes how the HTML document for the redirect response is created. The removed line in `SendStream.prototype.redirect`, `var doc = createHtmlDocument("Redirecting", "Redirecting to <a href=\"" + escapeHtml(loc) + "\">" + escapeHtml(loc) + "</a>")`, clearly shows that `loc` (derived from `this.path`) was used to construct an anchor tag. If `this.path` contained template syntax, it could be rendered by a template engine used by Express under certain conditions, leading to XSS. The patch mitigates this by removing the anchor tag from the redirect message and showing the URL as plain text instead. Therefore, `SendStream.prototype.redirect` is the function that processed the potentially malicious input and constructed the vulnerable output.
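
To check a project against the version range in the table above, the following added example (not code from the advisory or from the `send` project) walks an npm lockfile and reports every installed copy of `send` older than 0.19.0, including copies nested under other dependencies. It assumes the lockfile v2/v3 `packages` layout; the function names and the sample lockfile are constructed for illustration.

```javascript
// Added example: flag installed copies of `send` below the first patched
// version (0.19.0, from the advisory table) in an npm v2/v3 lockfile.
const PATCHED = [0, 19, 0];

// true = vulnerable, false = patched, null = version could not be parsed.
function isVulnerable(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(version || '');
  if (!m) return null; // unparseable: surface it for manual review
  const parts = m.slice(1, 4).map(Number);
  for (let i = 0; i < 3; i++) {
    if (parts[i] !== PATCHED[i]) return parts[i] < PATCHED[i];
  }
  return Boolean(m[4]); // a prerelease of 0.19.0 sorts before 0.19.0
}

// Lockfile keys look like "node_modules/send" or
// "node_modules/<parent>/node_modules/send"; scoped packages such as
// "node_modules/@scope/send" are a different package and are skipped.
function findVulnerableSend(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const isSend = path === 'node_modules/send' ||
      path.endsWith('/node_modules/send');
    if (!isSend) continue;
    const verdict = isVulnerable(meta.version);
    if (verdict !== false) {
      const status = verdict ? 'vulnerable' : 'unknown';
      hits.push({ path, version: meta.version, status });
    }
  }
  return hits;
}

// Constructed sample lockfile (in practice, parse package-lock.json).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/send': { version: '0.18.0' },
    'node_modules/serve-static/node_modules/send': { version: '0.19.0' },
    'node_modules/@acme/send': { version: '0.1.0' },
    'node_modules/legacy/node_modules/send': { version: '0.16.2' },
  },
};

console.log(findVulnerableSend(sampleLock));
```

Nested copies matter because a direct upgrade of `send` does not replace a pinned copy under another dependency's own `node_modules` directory.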