expressjs express up to 4.21.x/5.1.x dynamically-determined object attributes 🚫 [False Positive]

Noticeinfo

⚠️ Further analysis revealed that this issues is a false-positive. Please take a look at the sources mentioned and consider not using this entry at all.

Productinfo

Vendor

• expressjs

Name

• express

Version

• 4.0
• 4.1
• 4.2
• 4.3
• 4.4
• 4.5
• 4.6
• 4.7
• 4.8
• 4.9
• 4.10
• 4.11
• 4.12
• 4.13
• 4.14
• 4.15
• 4.16
• 4.17
• 4.18
• 4.19
• 4.20
• 4.21
• 5.0
• 5.1

License

• open-source

Website

• Product: https://github.com/expressjs/express/

Timelineinfo

11/04/2024 CVE reserved
12/01/2025 +392 days Advisory disclosed
12/01/2025 +0 days VulDB entry created
12/02/2025 +1 days VulDB entry last update

Sourcesinfo

Product: github.com

Advisory: GHSA-pj86-cfqh-vqx6
False Positive: Yes

CVE: CVE-2024-51999 (🔒)
GCVE (CVE): GCVE-0-2024-51999
GCVE (VulDB): GCVE-100-333917

Entryinfo

Created: 12/01/2025 23:26
Updated: 12/02/2025 16:32
Changes: 12/01/2025 23:26 (70), 12/02/2025 02:51 (1), 12/02/2025 16:32 (3)
Complete: 🔍
Cache ID: 216::103

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Discussion

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!