Fluid Attacks Database

Description

Detects Express.js routes that accept requests without proper MIME type validation. When Express accepts any MIME type, attackers can send malicious content using unexpected content-types, potentially leading to request smuggling or server-side processing attacks.

Weakness:

153 - Insecure or unset HTTP headers - Accept

Category: Protocol Manipulation

Detection Strategy

• Identifies Express.js route handlers and middleware configurations in the codebase

• Checks if route configurations lack proper content-type restrictions or use unsafe MIME type acceptance

• Reports vulnerability when routes accept all MIME types or have overly permissive content-type settings

Vulnerable code example

const express = require('express')
const bodyParser = require('body-parser')

const app = express()

app.use(bodyParser.text({ type: '*/*' })) // Vulnerable: Accepts ANY content-type, enabling content-type confusion attacks
app.use(bodyParser.json())
...

✅ Secure code example

const express = require('express')
const bodyParser = require('body-parser')

const app = express()

// Only parse text/plain content type to prevent content-type confusion
app.use(bodyParser.text({ type: 'text/plain' }))
...

Free trial

Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.