CVE-2024-29041
published 2024-03-25


Priority: P428
Severity: medium, CVSS 3.1 base score 6.1
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.79% (51.5th percentile)
Express.js minimalist web framework for node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL, Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()` but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3.
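A redirect-target check in the spirit of the issue described above, as an added example that is not Express's own code and not from this page: it parses both the value the application received and the value that will actually be emitted after encoding, resolves relative targets against the application's own origin, and refuses unless both forms parse to the same allow-listed host with no userinfo. `BASE_ORIGIN`, `ALLOWED_HOSTS`, `acceptableHost` and `safeRedirectTarget` are constructed for this example; the built-in `encodeURI` stands in for the `encodeurl` step mentioned on the page.

```javascript
// Constructed values for this example (not from the advisory).
const BASE_ORIGIN = 'https://app.example.com';
const ALLOWED_HOSTS = new Set(['app.example.com', 'login.example.com']);

// Parse one candidate string the way a browser would (WHATWG URL), resolving
// relative targets against our own origin. Returns the hostname when the
// candidate is an http(s) URL with no userinfo and an allow-listed host,
// otherwise null.
function acceptableHost(candidate) {
  let u;
  try {
    u = new URL(candidate, BASE_ORIGIN);
  } catch {
    return null; // unparseable: refuse
  }
  if (u.protocol !== 'https:' && u.protocol !== 'http:') return null;
  if (u.username !== '' || u.password !== '') return null; // userinfo confuses host checks
  return ALLOWED_HOSTS.has(u.hostname) ? u.hostname : null;
}

// Returns the absolute URL that is safe to place in the Location header, or
// null to refuse the redirect. `encodeFn` models the encoding step the
// framework applies before emitting the header (encodeURI here as a stand-in
// for encodeurl).
function safeRedirectTarget(target, encodeFn = encodeURI) {
  if (typeof target !== 'string' || target === '') return null;
  let encoded;
  try {
    encoded = encodeFn(target);
  } catch {
    return null; // e.g. a lone surrogate makes encodeURI throw
  }
  // The allow list must hold for the value the app received AND for the value
  // that will be emitted after encoding, and both must resolve to the same
  // host; a disagreement between the two is exactly the condition the
  // advisory describes, so it is treated as a failed check.
  const rawHost = acceptableHost(target);
  const encodedHost = acceptableHost(encoded);
  if (rawHost === null || encodedHost === null || rawHost !== encodedHost) return null;
  return new URL(encoded, BASE_ORIGIN).href;
}
```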

Affected

12 ranges

Vendor    | Product                                              | Version range                               | Fixed in
debian    | node-express                                         | < node-express 4.19.2+~cs8.36.21-1 (forky)  | node-express 4.19.2+~cs8.36.21-1 (forky)
express   | express                                              | >= 0 < 4.19.2                               | 4.19.2
express   | express                                              | >= 5.0.0-alpha.1 < 5.0.0-beta.3             | 5.0.0-beta.3
expressjs | express                                              |                                             |
expressjs | express                                              |                                             |
msrc      | azl3_python-tensorboard_2.16.2-6_on_azure_linux_3.0  |                                             |
msrc      | cbl2_reaper_3.1.1-8_on_cbl_mariner_2.0               |                                             |
msrc      | cbl2_reaper_3.1.1-9_on_cbl_mariner_2.0               |                                             |
msrc      | cbl_mariner_2.0_arm                                  |                                             |
msrc      | cbl_mariner_2.0_x64                                  |                                             |
openjsf   | express                                              | < 4.19.2                                    | 4.19.2
openjsf   | express                                              |                                             |

CVSS provenance

Source        | Version | Score | Severity | Vector
nvd           | v3.1    | 6.1   | MEDIUM   | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
osv           |         | 6.1   | MEDIUM   |
vendor_debian |         | 6.1   | MEDIUM   |
vendor_msrc   |         | 6.1   | MEDIUM   |
vendor_oracle |         | 6.1   | MEDIUM   |
vendor_redhat |         | 6.1   | MEDIUM   |
vendor_ubuntu |         | 6.1   | MEDIUM   |