[FP]: express:4.21.2 | CVE-2024-10491 #7266
Comments
|
Failed to automatically evaluate the false positive. See: https://github.com/jeremylong/DependencyCheck/actions/runs/12426648292 |
|
Npm Coordinates npm -i express@4.21.0Suppression rule: <suppress base="true">
<notes><![CDATA[
FP per issue #7266
]]></notes>
<packageUrl regex="true">^pkg:npm/express@.*$</packageUrl>
<cpe>cpe:/a:N/AC:L/PR</cpe>
</suppress>Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/12446634008 |
aikebah
added
ossindex
|
Npm Coordinates npm -i express@4.21.2Suppression rule: <suppress base="true">
<notes><![CDATA[
FP per issue #7266
]]></notes>
<packageUrl regex="true">^pkg:npm/express@.*$</packageUrl>
<cpe>cpe:/a:N/AC:L/PR</cpe>
</suppress>Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/12446653426 |
|
The (OSSINDEX) behind the CVE indicates that this vuln was sourced from the Sonatype OSSINDEX. You'd have to raise it with them as they list it as affected for this exact version as you can see on https://ossindex.sonatype.org/component/pkg:npm/express@4.21.0 upon sign-in |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Package URl
pkg:npm/express@4.21.2
CPE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE
CVE-2024-10491
ODC Integration
{"label"=>"CLI"}
ODC Version
11.1.1
Description
The vulnerability applies to versions up to and including 3.21.2.
https://ogma.in/cve-2024-10491-mitigating-vulnerability-in-express-response-links
The text was updated successfully, but these errors were encountered: