Fix CVE-2024-43800: Update serve-static to 1.16.2 (via express 4.21.2) #165

Open
mihirukongahage wants to merge 1 commit into dev from fix-cve-2024-43800

@mihirukongahage
Owner

Security Fix for CVE-2024-43800

Summary

This PR updates the express dependency from 4.17.1 to 4.21.2, which includes serve-static 1.16.2 (fixing CVE-2024-43800).

Vulnerability Details

  • CVE ID: CVE-2024-43800
  • Package: serve-static
  • Previous Version: 1.14.1 (via express 4.17.1)
  • Fixed Version: 1.16.2 (via express 4.21.2)

Description

CVE-2024-43800 is a vulnerability in the serve-static package that affects versions before 1.16.0 and 2.x versions before 2.1.0.

Changes

  • Updated express from ^4.17.1 to ^4.21.2
  • Regenerated package-lock.json

Testing

Please verify application functionality after deployment as express has been updated.

This updates the express dependency from 4.17.1 to 4.21.2, which includes
serve-static 1.16.2 (fixes CVE-2024-43800).

CVE-2024-43800 is a vulnerability in serve-static that affects versions
before 1.16.0 and 2.x versions before 2.1.0.

Co-authored-by: openhands <openhands@all-hands.dev>
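
A check a reviewer could run against the regenerated package-lock.json, as an added example that is not part of this PR or the project's code: it lists every installed copy of serve-static, including nested ones that a top-level express bump does not replace, and flags versions in the affected ranges quoted above. The sample lockfile is constructed and `legacy-middleware` is a hypothetical package name.

```javascript
// Added example: affected ranges are the ones quoted in the PR description
// (serve-static before 1.16.0, and 2.x before 2.1.0).
function isAffected(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-)?/.exec(version || "");
  if (!m) return true; // unparseable version: flag for manual review
  const [major, minor, patch] = m.slice(1, 4).map(Number);
  const pre = Boolean(m[4]); // a prerelease sorts before its release
  if (major === 0) return true;
  if (major === 1) return minor < 16 || (minor === 16 && patch === 0 && pre);
  if (major === 2) return minor < 1 || (minor === 1 && patch === 0 && pre);
  return false;
}

// Collect every installed copy, including nested ones a top-level bump can miss.
function findCopies(lock, name = "serve-static") {
  const found = [];
  if (lock.packages) { // lockfileVersion 2 and 3: flat map keyed by install path
    for (const [path, entry] of Object.entries(lock.packages)) {
      if (path === `node_modules/${name}` || path.endsWith(`/node_modules/${name}`)) {
        found.push({ path, version: entry.version });
      }
    }
    return found;
  }
  const walk = (deps, prefix) => { // lockfileVersion 1: nested "dependencies"
    for (const [dep, entry] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${dep}`;
      if (dep === name) found.push({ path, version: entry.version });
      walk(entry.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, "");
  return found;
}

function auditLock(lock) {
  return findCopies(lock).map((c) => ({ ...c, affected: isAffected(c.version) }));
}

// Constructed sample; "legacy-middleware" is a hypothetical package name.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "node_modules/express": { version: "4.21.2" },
    "node_modules/serve-static": { version: "1.16.2" },
    "node_modules/legacy-middleware/node_modules/serve-static": { version: "1.14.1" },
  },
};

console.log(auditLock(SAMPLE_LOCK));
```

To use it on a real project, pass the parsed JSON of package-lock.json to `auditLock` and fail the build if any entry has `affected: true`.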