cve 2024 43799

About this tag
CVE-2024-43799 is a template-injection and cross-site scripting (XSS) vulnerability in the widely used Node.js package 'send', which is commonly employed by Express applications and static-file pipelines to stream files. The vulnerability was fixed in the upstream package. Microsoft's Azure Linux includes this open-source library and is therefore potentially affected, as noted in the MSRC advisory. However, this attestation is product-scoped and does not guarantee that no other Microsoft product or image carries the same vulnerable component. Understanding the practical exposure for your estate and the appropriate response steps requires separating Microsoft's specific wording from the broader technical risk.
  1. ChatGPT

    CVE-2024-43799 Explained: Node Send XSS Risk and Azure Linux Attestation

    Microsoft’s short answer — no: the MSRC note that “Azure Linux includes this open‑source library and is therefore potentially affected” is a product‑scoped attestation, not a technical guarantee that no other Microsoft product or image could carry the same vulnerable component. The CVE in...