CVE-2024-51999
- Source
- https://cve.org/CVERecord?id=CVE-2024-51999
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-51999.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-51999
- Aliases
- Downstream
- Related
- Published
- 2025-12-01T21:15:49.100Z
- Modified
- 2026-02-04T11:51:26.442941Z
- Severity
-
- 2.7 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator
- Summary
- [none]
- Details
-
Express.js minimalist web framework for node. Prior to 5.2.0 and 4.22.0, when using the extended query parser in express ('query parser': 'extended'), the request.query object inherits all object prototype properties, but these properties can be overwritten by query string parameter keys that match the property names. This vulnerability is fixed in 5.2.0 and 4.22.0.
- References
Affected packages
Git / github.com/expressjs/express
Affected ranges
- Type
- GIT
- Repo
- https://github.com/expressjs/express
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixedFixed
Affected versions
0.*
0.0.1
0.0.2
0.1.0
0.10.0
0.10.1
0.11.0
0.12.0
0.13.0
0.14.0
0.2.0
0.2.1
0.3.0
0.4.0
0.5.0
0.6.0
0.7.0
0.7.1
0.7.2
0.7.3
0.7.4
0.7.5
0.7.6
0.8.0
0.9.0
1.*
1.0.0
1.0.0beta
1.0.0beta2
1.0.0rc
1.0.0rc2
1.0.0rc3
1.0.0rc4
2.*
2.0.0
2.0.0beta2
2.0.0beta3
2.0.0rc
2.0.0rc2
2.0.0rc3
2.1.0
2.1.1
2.2.0
2.2.1
2.2.2
2.3.0
2.3.1
2.3.10
2.3.11
2.3.12
2.3.2
2.3.3
2.3.4
2.3.5
2.3.6
2.3.7
2.3.8
2.3.9
2.4.0
2.4.1
2.4.2
2.4.3
3.*
3.0.0alpha1
3.0.0alpha2
3.0.0alpha3
3.0.0alpha4
3.0.0alpha5
3.0.0beta1
3.0.0beta2
3.0.0beta3
3.0.0beta4
3.0.0beta5
3.0.0beta6
3.0.0beta7
3.0.0rc1
3.0.0rc2
3.0.0rc3
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.1.0
3.1.1
3.1.2
3.10.0
3.10.1
3.10.2
3.10.3
3.10.4
3.10.5
3.11.0
3.12.0
3.12.1
3.13.0
3.14.0
3.15.0
3.15.1
3.15.2
3.15.3
3.16.0
3.16.1
3.16.10
3.16.2
3.16.3
3.16.4
3.16.5
3.16.6
3.16.7
3.16.8
3.16.9
3.17.0
3.17.1
3.17.2
3.17.3
3.17.4
3.17.5
3.17.6
3.17.7
3.17.8
3.18.0
3.18.1
3.18.2
3.18.3
3.18.4
3.18.5
3.18.6
3.19.0
3.19.1
3.19.2
3.2.0
3.2.1
3.2.2
3.2.3
3.2.4
3.2.5
3.2.6
3.20.0
3.20.1
3.20.2
3.20.3
3.21.0
3.21.1
3.21.2
3.3.0
3.3.1
3.3.2
3.3.3
3.3.4
3.3.5
3.3.6
3.3.7
3.3.8
3.4.0
3.4.1
3.4.2
3.4.3
3.4.4
3.4.5
3.4.6
3.4.7
3.4.8
3.5.0
3.5.1
3.5.2
3.5.3
3.6.0
3.7.0
3.8.0
3.8.1
3.9.0
4.*
4.0.0
4.0.0-rc1
4.0.0-rc2
4.0.0-rc3
4.0.0-rc4
4.1.0
4.1.1
4.1.2
4.10.0
4.10.1
4.10.2
4.10.3
4.10.4
4.10.5
4.10.6
4.10.7
4.10.8
4.11.0
4.11.1
4.11.2
4.12.0
4.12.1
4.12.2
4.12.3
4.12.4
4.13.0
4.13.1
4.13.2
4.13.3
4.13.4
4.14.0
4.14.1
4.15.0
4.15.1
4.15.2
4.15.3
4.15.4
4.15.5
4.16.0
4.16.1
4.16.2
4.16.3
4.16.4
4.17.0
4.17.1
4.17.2
4.17.3
4.18.0
4.18.1
4.18.2
4.18.3
4.19.0
4.19.1
4.19.2
4.2.0
4.20.0
4.21.0
4.21.1
4.21.2
4.3.0
4.3.1
4.3.2
4.4.0
4.4.1
4.4.2
4.4.3
4.4.4
4.4.5
4.5.0
4.5.1
4.6.0
4.6.1
4.7.0
4.7.1
4.7.2
4.7.3
4.7.4
4.8.0
4.8.1
4.8.2
4.8.3
4.8.4
4.8.5
4.8.6
4.8.7
4.8.8
4.9.0
4.9.1
4.9.2
4.9.3
4.9.4
4.9.5
4.9.6
4.9.7
4.9.8
5.*
5.0.0-alpha.1
5.0.0-alpha.2
5.0.0-alpha.3
5.0.0-alpha.4
5.0.0-alpha.5
5.0.0-alpha.6
5.0.0-alpha.7
5.0.0-alpha.8
5.0.0-beta.2
v5.*
v5.0.0
v5.0.0-beta.1
v5.0.0-beta.3
v5.0.1
v5.1.0