Fix CVE-2024-43799: Update express to 4.21.0 (send to 0.19.0) #166

Open: mihirukongahage wants to merge 1 commit into dev from fix-cve-2024-43799

@mihirukongahage (Owner)

Summary

This PR fixes the security vulnerability CVE-2024-43799 in the send package.

Changes

  • Updated express from 4.17.1 to 4.21.0
  • This transitively updates send from 0.17.1 to 0.19.x

Vulnerability Details

CVE-2024-43799 is a template injection vulnerability in the send package that affects versions < 0.19.0. The updated version of express (4.21.0) includes send 0.19.0 which addresses this vulnerability.

Testing

  • Updated package.json and regenerated package-lock.json
  • The application should be tested to ensure compatibility with the updated dependencies

Co-authored-by: openhands <openhands@all-hands.dev>

This update fixes a template injection vulnerability in the send package.
CVE-2024-43799 affects send versions < 0.19.0.

- Updated express from 4.17.1 to 4.21.0
- This transitively updates send from 0.17.1 to 0.19.x

Co-authored-by: openhands <openhands@all-hands.dev>
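
A check a reviewer could run against the regenerated lockfile, added here as an example and not part of this PR or the project's code: it lists every resolved copy of `send` and flags any below 0.19.0, including nested copies that a top-level express bump does not replace. The function names and the `legacy-static` package in the sample are hypothetical, and the sample lockfile is constructed.

```javascript
// Added example: verify that no resolved copy of `send` is below the fixed version.
const FIXED = [0, 19, 0]; // from the PR text: send < 0.19.0 is affected

// Constructed sample lockfile (not this repository's); `legacy-static` is hypothetical.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "node_modules/express": { version: "4.21.0" },
    "node_modules/send": { version: "0.19.0" },
    "node_modules/legacy-static/node_modules/send": { version: "0.17.1" },
  },
};

// True when version `v` sorts before `floor` ([major, minor, patch]).
// Unparseable versions (git or URL specifiers) are flagged so they get a manual look.
function isBelow(v, floor) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-)?/.exec(String(v));
  if (!m) return true;
  const a = m.slice(1, 4).map(Number);
  for (let i = 0; i < 3; i++) {
    if (a[i] !== floor[i]) return a[i] < floor[i];
  }
  return Boolean(m[4]); // same triple: a prerelease sorts before the release
}

// Returns [{ path, version, vulnerable }] for every copy of `name` in the lockfile.
function findResolved(lock, name = "send") {
  const hits = [];
  // lockfileVersion 2 and 3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === `node_modules/${name}` || path.endsWith(`/node_modules/${name}`)) {
      hits.push({ path, version: meta.version });
    }
  }
  // lockfileVersion 1: nested "dependencies" tree.
  if (hits.length === 0) {
    const walk = (deps, trail) => {
      for (const [dep, meta] of Object.entries(deps || {})) {
        const path = `${trail}/${dep}`;
        if (dep === name) hits.push({ path, version: meta.version });
        walk(meta.dependencies, path);
      }
    };
    walk(lock.dependencies, "");
  }
  return hits.map((h) => ({ ...h, vulnerable: isBelow(h.version, FIXED) }));
}

console.log(findResolved(sampleLock));
```

To run it on a real project, pass `JSON.parse` of the repository's `package-lock.json` contents to `findResolved` and fail the build if any entry has `vulnerable: true`.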

2 participants