From 78de28d7ecf5caa4421eb0562853c1d06a91b993 Mon Sep 17 00:00:00 2001
From: axi92
Date: Wed, 20 Nov 2024 15:54:58 +0100
Subject: [PATCH] Improve GHSA-cm5g-3pgc-8rg4

---
 .../GHSA-cm5g-3pgc-8rg4.json | 23 +++++++++++++++++--
 1 file changed, 21 insertions(+), 2 deletions(-)

diff --git a/advisories/unreviewed/2024/10/GHSA-cm5g-3pgc-8rg4/GHSA-cm5g-3pgc-8rg4.json b/advisories/unreviewed/2024/10/GHSA-cm5g-3pgc-8rg4/GHSA-cm5g-3pgc-8rg4.json
index 0e1315d3c8fd7..d79bb05b21259 100644
--- a/advisories/unreviewed/2024/10/GHSA-cm5g-3pgc-8rg4/GHSA-cm5g-3pgc-8rg4.json
+++ b/advisories/unreviewed/2024/10/GHSA-cm5g-3pgc-8rg4/GHSA-cm5g-3pgc-8rg4.json
@@ -1,11 +1,12 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-cm5g-3pgc-8rg4",
- "modified": "2024-11-07T00:30:36Z",
+ "modified": "2024-10-29T18:30:42Z",
 "published": "2024-10-29T18:30:37Z",
 "aliases": [
 "CVE-2024-10491"
 ],
+ "summary": "Express ressource injection",
 "details": "A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link header when unsanitized data is used.\n\nThe issue arises from improper sanitization in `Link` header values, which can allow a combination of characters like `,`, `;`, and `<>` to preload malicious resources.\n\nThis vulnerability is especially relevant for dynamic parameters.",
 "severity": [
 {
@@ -14,7 +15,25 @@
 }
 ],
 "affected": [
-
+ {
+ "package": {
+ "ecosystem": "npm",
+ "name": "express"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "last_affected": "3.21.4"
+ }
+ ]
+ }
+ ]
+ }
 ],
 "references": [
 {
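Review bot: The `modified` timestamp is moved backwards, from `2024-11-07T00:30:36Z` to `2024-10-29T18:30:42Z`, five seconds after `published`, even though this commit changes the record. In OSV the `modified` field is what downstream mirrors and scanners key incremental syncs on, so an edit that rewinds it can leave consumers holding the pre-commit version without noticing; it should instead advance to the time of this edit, `"modified": "2024-11-20T14:54:58Z"` or whatever the publishing pipeline stamps. The new `summary` also carries a spelling error that will be shown verbatim in tooling: `"summary": "Express resource injection"`.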
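Review bot: The new range closes with `last_affected` rather than `fixed`, so the advisory records no remediating version and scanners will only match versions from `0` up to `3.21.4`, leaving anything above that unclassified rather than marked safe. If a fixing release is known from the references, the event should be `{ "fixed": "<fixed-version>" }` so consumers can resolve the range; if none exists, that is worth stating in `details`. I also cannot confirm from this page that `3.21.4` is a published `express` release or that the 4.x and 5.x lines are unaffected, which the `details` text does not address, so the boundary should be checked against the npm registry before the record leaves `unreviewed`.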