AZL-49053

See a problem?
Import Source
https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-49053.json
JSON Data
https://api.osv.dev/v1/vulns/AZL-49053
Upstream
Published
2024-09-10T15:15:17Z
Modified
2026-04-21T04:29:44.969308Z
Severity
  • 4.7 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
CVE-2024-43796 affecting package python-tensorboard for versions less than 2.16.2-5
Details

Express.js minimalist web framework for node. In express < 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect() may execute untrusted code. This issue is patched in express 4.20.0.

References

Affected packages

Azure Linux:3 / python-tensorboard

Package

Name
python-tensorboard
Purl
pkg:rpm/azure-linux/python-tensorboard

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.16.2-5

Database specific

source 
"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-49053.json"