CVE-2022-24794 – express-openid-connect

Package

Manager: npm
Name: express-openid-connect
Vulnerable Version: >=0 <2.7.2

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N

EPSS: 0.00232 pctl0.45946

Details

URL Redirection to Untrusted Site ('Open Redirect') in express-openid-connect ### Impact Users of the `requiresAuth` middleware, either directly or through the default `authRequired` option, are vulnerable to an Open Redirect when the middleware is applied to a catch all route. If all routes under `example.com` are protected with the `requiresAuth` middleware, a visit to `http://example.com//google.com` will be redirected to `google.com` after login because the original url reported by the Express framework is not properly sanitised. ### Am I affected? You are affected by this vulnerability if you are using the `requiresAuth` middleware on a catch all route or the default `authRequired` option and `express-openid-connect` version `<=2.7.1`. ### How to fix that? Upgrade to version `>=2.7.2` ### Will this update impact my users? The fix provided in the patch will not affect your users.

Metadata

Created: 2022-03-31T22:44:47Z
Modified: 2022-03-31T22:44:47Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-7p99-3798-f85c/GHSA-7p99-3798-f85c.json
CWE IDs: ["CWE-601"]
Alternative ID: GHSA-7p99-3798-f85c
Finding: F156
Auto approve: 1