Alerts This Week
Warning Icon 1 1,111
Alerts This Week
Warning Icon 1 1,111

Ubuntu 24.10: USN-7581-1 critical: node-express open redirect

ubuntu
Calendar Grey June 19, 2025
Dist Ubuntu Esm H88
Numerous essential vulnerabilities in Express necessitate prompt updates for several Ubuntu releases. Ensure your system's safety!
Several security issues were fixed in Express.

Summary

Several security issues were fixed in Express.

Software Description:

- node-express: Fast, unopinionated, minimalist web framework for Node.js

Details:

It was discovered that Express incorrectly handled certain URLs, leading

to an open redirect attack. A remote attacker could possibly use this

issue to perform phishing attacks. (CVE-2024-29041)

Adam Korcz discovered that Express did not properly sanitize certain

inputs. A remote attacker could possibly use this issue to perform cross

site scripting. (CVE-2024-43796)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
  node-express                    4.19.2+~cs8.36.26-1ubuntu0.1

Ubuntu 24.04 LTS
  node-express                    4.19.2+~cs8.36.21-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 22.04 LTS
  node-express                    4.17.3+~4.17.13-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 20.04 LTS
  node-express                    4.17.1-2ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  node-express                    4.1.1~dfsg-1ubuntu0.18.04.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  node-express                    4.1.1~dfsg-1ubuntu0.16.04.1~esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7581-1

CVE-2024-29041, CVE-2024-43796

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7581-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here