#VU88532 Open redirect in Express


Published: 2024-04-15

Vulnerability identifier: #VU88532

Vulnerability risk: Medium

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-29041

CWE-ID: CWE-601

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Express
Web applications / JS libraries

Vendor: Express.js

Description

The vulnerability allows a remote attacker to redirect victims to arbitrary URL.

The vulnerability exists due to improper sanitization of user-supplied data in malformed URLs. A remote attacker can create a link that leads to a trusted website, however, when clicked, redirects the victim to arbitrary domain.

Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Express: 4.19.0 - 4.19.1

External links
http://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc
http://github.com/koajs/koa/issues/1800
http://github.com/expressjs/express/pull/5539
http://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd
http://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94
http://expressjs.com/en/4x/api.html#res.location

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in IBM App Connect Enterprise
Multiple vulnerabilities in IBM Business Automation Workflow
Multiple vulnerabilities in IBM Cloud Pak for Business Automation
Open redirect in IBM Decision Optimization for Cloud Pak for Data
Multiple vulnerabilities in IBM Business Automation Insights
Open redirect in Broker
Open redirect in Express