CVE-2024-29041

MEDIUM EPSS 51.5%
Published Mar 25, 20242y ago · Modified Jun 17, 20262w ago
6.1 CVSS 3.1
Medium
Find Similar
Published Mar 25, 2024 2y ago
Last Modified Jun 17, 2026 2w ago

Description

Express.js minimalist web framework for node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()` but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3.

CVSS Details

Base Score
6.1
Exploitability
2.8
Impact
2.7
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction Required
Scope Changed
Confidentiality Low
Integrity Low
Availability None

Threat Intelligence

EPSS Exploit Probability
51.5% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 2

CWE-1286
CWE-601

Affected Products 11

VendorProductVersionRange
openjsfexpress* <4.19.2
openjsfexpress5.0.0any
openjsfexpress5.0.0any
openjsfexpress5.0.0any
openjsfexpress5.0.0any
openjsfexpress5.0.0any
openjsfexpress5.0.0any
openjsfexpress5.0.0any
openjsfexpress5.0.0any
openjsfexpress5.0.0any
openjsfexpress5.0.0any

References 6

  • expressjs.com https://expressjs.com/en/4x/api.html#res.location
    Technical Description
  • github.com https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd
    Patch
  • github.com https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94
    Patch
  • github.com https://github.com/expressjs/express/pull/5539
    Issue Tracking
  • github.com https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc
    PatchVendor Advisory
  • github.com https://github.com/koajs/koa/issues/1800
    Issue Tracking

Remediation

  • github.com https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd
    Patch
  • github.com https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94
    Patch
  • github.com https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc
    PatchVendor Advisory