CVERadar

CVE-2024-43799

High Severity

Send_project

SVRS

48/100

CVSSv3

4.7/10

EPSS

0.00025/1

CVE-2024-43799 is a critical vulnerability in the Send library that allows for potential untrusted code execution. This vulnerability arises because Send passes untrusted user input to SendStream.redirect(), leading to the execution of malicious code. The vulnerability is patched in send version 0.19.0.

Although CVE-2024-43799 has a CVSS score of 4.7, indicating a medium severity, the SOCRadar Vulnerability Risk Score (SVRS) is 48. This suggests a moderate risk, however organizations utilizing the Send library should still apply the patch to prevent potential exploitation. Exploitation could result in unauthorized access and potentially complete system compromise by threat actors. The vulnerability is due to improper handling of user input within the redirect function.

TAGS

No tags available

VECTOR STRING

CVSS:3.1

AV:N

AC:H

PR:N

UI:R

S:C

C:L

I:L

A:N

PUBLICATION DATE2024-09-10

LAST MODIFIED2024-09-20

SOCRadar

AI Insight

Description

CVE-2024-43799 is a vulnerability in the Send library, which is used for streaming files from the file system as an HTTP response. The vulnerability allows untrusted user input to be passed to SendStream.redirect(), which can lead to the execution of untrusted code. This vulnerability has a CVSS score of 5, indicating a medium severity level. However, the SOCRadar Vulnerability Risk Score (SVRS) is 38, indicating a higher level of risk. This is because the SVRS takes into account additional factors, such as social media activity, news reports, and associations with threat actors and malware.

Key Insights

The vulnerability can be exploited by attackers to execute arbitrary code on vulnerable systems.
The vulnerability is relatively easy to exploit, as it only requires an attacker to send a specially crafted HTTP request to a vulnerable system.
The vulnerability is actively being exploited by attackers in the wild.
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about the vulnerability, calling for immediate and necessary measures to be taken.

Mitigation Strategies

Update to the latest version of the Send library (0.19.0 or later).
Restrict access to the vulnerable code from untrusted sources.
Implement input validation to prevent untrusted user input from being passed to SendStream.redirect().
Monitor for suspicious activity and take appropriate action if necessary.

Additional Information

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence

Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.

CREATE FREE ACCOUNT

CVE Details

Access comprehensive CVE information instantly

Real-time Tracking

Subscribe to CVEs and get instant updates

Exploit Analysis

Monitor related APT groups and threats

IOC Tracking

Analyze and track CVE-related IOCs

News

CVE-2024-43799 | pillarjs send up to 0.18.x HTTP Response sendStream.redirect cross site scripting (Nessus ID 209177)

vuldb.com2025-03-10

CVE-2024-43799 | pillarjs send up to 0.18.x HTTP Response sendStream.redirect cross site scripting (Nessus ID 209177) | A vulnerability was found in pillarjs send up to 0.18.x. It has been rated as problematic. This issue affects the function sendStream.redirect of the component HTTP Response Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE

vuldb.com

rss

forum

news

Social Media

Ulises Gascón

@kom_256

2024-09-10

CVE-2024-43799 (moderate) in Send. passing untrusted user input - even after sanitizing it - to SendStream.redirect() may execute untrusted code https://t.co/70UVcxfy5W

Affected Software

Configuration 1

Type	Vendor	Product
App	Send_project	send

References

Reference	Link
[email protected]	https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35
[email protected]	https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg

CWE Details

CWE ID	CWE Name	Description
CWE-79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')	The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence