CVSS base score: 4.0 MEDIUM
- CVSS version: 3.1
- Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
- Attack vector (AV): NETWORK
- Attack complexity (AC): HIGH
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): CHANGED
- Confidentiality impact (C): LOW
- Integrity impact (I): NONE
- Availability impact (A): NONE
Preload arbitrary resources by injecting additional `Link` headers
A vulnerability has been identified in the Express `response.links` function (`res.links()`), allowing arbitrary resource injection into the `Link` header when unsanitized data is used as a link target. The header is assembled by string concatenation with no escaping of the target value, so a value containing `>`, `;` or `,` can close the current `<target>`, add parameters, and append further link entries, for example a `rel="preload"` entry that makes the browser fetch a resource of the attacker's choosing. The exposure is greatest where request-derived values (query parameters, path segments, pagination cursors) are passed straight into `res.links()`.
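The following is an added example, not code from Express or from this advisory. `buildLinkHeaderUnsafe` is a re-implementation of the shape of Express 3.x's `res.links()` (concatenate `<target>; rel="..."` entries, joined by `, `) written here to show the injection; `parseLinkHeader` is a small, deliberately incomplete RFC 8288 parser standing in for what a browser does with the header; `buildLinkHeaderSafe` is a hypothetical hardened builder, not an Express API. The tainted value and the hostnames `app.example` and `evil.example` are constructed for the demonstration.

```javascript
'use strict';

// Re-implementation, for illustration only, of how Express 3.x's res.links()
// assembles the Link header: plain concatenation, no escaping of the target.
// This is an added example, not Express's own source.
function buildLinkHeaderUnsafe(links) {
  return Object.keys(links)
    .map((rel) => '<' + links[rel] + '>; rel="' + rel + '"')
    .join(', ');
}

// Minimal RFC 8288 Link header parser, added to show how a browser or HTTP
// client splits the header into separate link entries. Quoted commas and
// extensions such as anchor="..." are not handled; enough for this demo.
function parseLinkHeader(header) {
  const entries = [];
  const re = /<([^>]*)>((?:\s*;\s*[^,;]+)*)/g;
  let m;
  while ((m = re.exec(header)) !== null) {
    const params = {};
    for (const piece of m[2].split(';')) {
      const kv = piece.trim();
      if (!kv) continue;
      const eq = kv.indexOf('=');
      const key = (eq === -1 ? kv : kv.slice(0, eq)).trim().toLowerCase();
      const val = eq === -1 ? '' : kv.slice(eq + 1).trim().replace(/^"|"$/g, '');
      params[key] = val;
    }
    entries.push({ url: m[1], params });
  }
  return entries;
}

// Hypothetical hardened builder (not an Express API): refuse any target or
// rel containing a character that could terminate the <...> target, start a
// new parameter or link entry, or break out of the quoted rel value.
// Node's own setHeader() only rejects CR, LF and control bytes, so it does
// not stop any of these delimiters on its own.
function buildLinkHeaderSafe(links) {
  const BAD_TARGET = /[<>,;"\s\x00-\x1f\x7f]/;
  const REL = /^[A-Za-z][A-Za-z0-9-]*$/;
  return Object.keys(links)
    .map((rel) => {
      const target = String(links[rel]);
      if (BAD_TARGET.test(target)) {
        throw new TypeError('invalid Link target: ' + JSON.stringify(target));
      }
      if (!REL.test(rel)) {
        throw new TypeError('invalid Link rel: ' + JSON.stringify(rel));
      }
      return '<' + target + '>; rel="' + rel + '"';
    })
    .join(', ');
}

// Constructed attacker-controlled value, e.g. a pagination URL echoed back
// from a query parameter. It closes the target, adds a rel=preload entry for
// an attacker script, then reopens a target so the original rel="next" still
// parses cleanly.
const TAINTED_NEXT =
  'https://evil.example/x.js>; rel="preload"; as="script", <https://app.example/page?p=2';

// Builds the header the vulnerable way, shows what a client parses out of it,
// and checks that the hardened builder refuses the same value.
function demo() {
  const header = buildLinkHeaderUnsafe({ next: TAINTED_NEXT });
  const parsed = parseLinkHeader(header);
  let rejected = false;
  try {
    buildLinkHeaderSafe({ next: TAINTED_NEXT });
  } catch (err) {
    rejected = err instanceof TypeError;
  }
  return { header, parsed, rejected };
}

console.log(demo());
```

Running it shows the single `next` link the application intended becoming two entries, the first of which is `<https://evil.example/x.js>; rel="preload"; as="script"`. Rejecting delimiter characters is the simplest fix for a value that should be a URL; for absolute URLs, normalising through `new URL(value).href` is an alternative, since the WHATWG URL parser percent-encodes `<`, `>`, `"` and whitespace in the path, query and fragment, so the `<...>` target can no longer be closed early.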
Affected products
- <=3.21.2
Matching in nixpkgs
The entries below were matched on package name; none of them is the Node.js `express` package itself, so check each one before treating it as affected. For each package, the version per channel is listed ("-" means not present in that channel).
pkgs.texpresso
Live rendering and error reporting for LaTeX
- nixos-unstable: -
- nixpkgs-unstable: 0-unstable-2025-01-29
pkgs.expressvpn
CLI client for ExpressVPN
- nixos-unstable: -
- nixpkgs-unstable: 3.52.0.2
pkgs.opteeQemuAarch64
Trusted Execution Environment for ARM
- nixos-unstable: -
- nixpkgs-unstable: 4.6.0
pkgs.haskellPackages.express
Dynamically-typed expressions involving function application and variables
- nixos-unstable: -
- nixpkgs-unstable: 1.0.18
pkgs.haskellPackages.gogol-qpxexpress
Google QPX Express SDK
- nixos-unstable: -
- nixpkgs-unstable: 1.0.0
pkgs.python312Packages.pymata-express
Python Asyncio Arduino Firmata Client
- nixos-unstable: -
- nixpkgs-unstable: 1.21
pkgs.python313Packages.pymata-express
Python Asyncio Arduino Firmata Client
- nixos-unstable: -
- nixpkgs-unstable: 1.21
pkgs.haskellPackages.csound-expression
library to make electronic music
- nixos-unstable: -
- nixpkgs-unstable: 5.4.4.1
pkgs.haskellPackages.prefix-expression
(no description)
- nixos-unstable: -
- nixpkgs-unstable: 1.2.6
pkgs.python312Packages.tag-expressions
Package to parse logical tag expressions
- nixos-unstable: -
- nixpkgs-unstable: 2.0.1
pkgs.python313Packages.tag-expressions
Package to parse logical tag expressions
- nixos-unstable: -
- nixpkgs-unstable: 2.0.1
pkgs.haskellPackages.reorder-expression
Reorder expressions in a syntax tree according to operator fixities
- nixos-unstable: -
- nixpkgs-unstable: 0.1.0.2
pkgs.python312Packages.import-expression
Transpiles a superset of python to allow easy inline imports
- nixos-unstable: -
- nixpkgs-unstable: 2.2.1.post1
pkgs.python312Packages.xpath-expressions
Python module to handle XPath expressions
- nixos-unstable: -
- nixpkgs-unstable: 1.1.0
pkgs.python313Packages.import-expression
Transpiles a superset of python to allow easy inline imports
- nixos-unstable: -
- nixpkgs-unstable: 2.2.1.post1
pkgs.python313Packages.xpath-expressions
Python module to handle XPath expressions
- nixos-unstable: -
- nixpkgs-unstable: 1.1.0
pkgs.python312Packages.license-expression
Utility library to parse, normalize and compare License expressions
- nixos-unstable: -
- nixpkgs-unstable: 30.4.4
pkgs.python312Packages.py-expression-eval
Python Mathematical Expression Evaluator
- nixos-unstable: -
- nixpkgs-unstable: 0.3.14
pkgs.python313Packages.license-expression
Utility library to parse, normalize and compare License expressions
- nixos-unstable: -
- nixpkgs-unstable: 30.4.4
pkgs.python313Packages.py-expression-eval
Python Mathematical Expression Evaluator
- nixos-unstable: -
- nixpkgs-unstable: 0.3.14
pkgs.python312Packages.ciscomobilityexpress
Module to interact with Cisco Mobility Express APIs to fetch connected devices
- nixos-unstable: -
- nixpkgs-unstable: 1.0.2
pkgs.python313Packages.ciscomobilityexpress
Module to interact with Cisco Mobility Express APIs to fetch connected devices
- nixos-unstable: -
- nixpkgs-unstable: 1.0.2
pkgs.wordpressPackages.plugins.webp-express
(no description)
- nixos-unstable: -
- nixpkgs-unstable: 0.25.9
pkgs.haskellPackages.csound-expression-typed
typed core for the library csound-expression
- nixos-unstable: -
- nixpkgs-unstable: 0.2.9.0
pkgs.haskellPackages.csound-expression-dynamic
dynamic core for csound-expression library
- nixos-unstable: -
- nixpkgs-unstable: 0.4.0.0
pkgs.haskellPackages.csound-expression-opcodes
opcodes for the library csound-expression
- nixos-unstable: -
- nixpkgs-unstable: 0.0.5.4
pkgs.python312Packages.cucumber-tag-expressions
Provides tag-expression parser for cucumber/behave
- nixos-unstable: -
- nixpkgs-unstable: 6.2.0
pkgs.python313Packages.cucumber-tag-expressions
Provides tag-expression parser for cucumber/behave
- nixos-unstable: -
- nixpkgs-unstable: 6.2.0
pkgs.azure-cli-extensions.express-route-cross-connection
Microsoft Azure Command-Line Tools ExpressRouteCrossConnection Extension
- nixos-unstable: -
- nixpkgs-unstable: 1.0.0
Package maintainers
- @katexochen Paul Meyer <katexochen0@gmail.com>
- @ulrikstrid Ulrik Strid <ulrik.strid@outlook.com>
- @Yureien Soham Sen <contact@sohamsen.me>
- @jmbaur Jared Baur <jaredbaur@fastmail.com>
- @uvNikita Nikita Uvarov <uv.nikita@gmail.com>
- @maxxk Maxim Krivchikov <maxim.krivchikov@gmail.com>
- @fabaff Fabian Affolter <mail@fabian-affolter.ch>
- @Cynerd Karel Kočí <cynerd@email.cz>
- @kalbasit Wael Nasreddine <wael.nasreddine@gmail.com>
- @NickHu Nick Hu <me@nickhu.co.uk>