GHSA-7p99-3798-f85c

Source

https://github.com/advisories/GHSA-7p99-3798-f85c

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-7p99-3798-f85c/GHSA-7p99-3798-f85c.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-7p99-3798-f85c

Aliases

CVE-2022-24794

Published

2022-03-31T22:44:47Z

Modified

2023-11-08T04:08:36.775113Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N CVSS Calculator

Summary

URL Redirection to Untrusted Site ('Open Redirect') in express-openid-connect

Details

Impact

Users of the requiresAuth middleware, either directly or through the default authRequired option, are vulnerable to an Open Redirect when the middleware is applied to a catch all route.

If all routes under example.com are protected with the requiresAuth middleware, a visit to http://example.com//google.com will be redirected to google.com after login because the original url reported by the Express framework is not properly sanitised.

Am I affected?

You are affected by this vulnerability if you are using the requiresAuth middleware on a catch all route or the default authRequired option and express-openid-connect version <=2.7.1.

How to fix that?

Upgrade to version >=2.7.2

Will this update impact my users?

The fix provided in the patch will not affect your users.

Database specific

{
    "github_reviewed": true,
    "severity": "HIGH",
    "cwe_ids": [
        "CWE-601"
    ],
    "nvd_published_at": "2022-03-31T23:15:00Z",
    "github_reviewed_at": "2022-03-31T22:44:47Z"
}

References

Affected packages

npm / express-openid-connect

Package

Name: express-openid-connect; View open source insights on deps.dev
Purl: pkg:npm/express-openid-connect

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.7.2