
REDHAT-BUG-2290901

First published: Fri Jun 07 2024

Express.js is a minimalist web framework for Node.js. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability involving malformed URLs. When an Express application redirects to a user-provided URL, Express runs the value through `encodeurl` (https://github.com/pillarjs/encodeurl) before placing it in the `Location` header. The encoded form can be interpreted differently from the raw input by common redirect allow-list implementations in Express applications, so a URL that passes a properly implemented allow list can still send the browser to a different host: an open redirect via allow-list bypass. The method directly affected is `res.location()`, which `res.redirect()` also calls internally. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3.

References:
https://expressjs.com/en/4x/api.html#res.location
https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd
https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94
https://github.com/expressjs/express/pull/5539
https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc
https://github.com/koajs/koa/issues/1800
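The following is an added example, not code from the advisory or from the Express project. It reproduces the mechanism described above using only Node's built-in WHATWG `URL` parser: `encodeUrlLikeExpress()` is a minimal approximation of how the `encodeurl` package percent-encodes a `Location` value (it is not the package itself and does not reproduce its handling of malformed `%` sequences), `vulnerableLocation()` stands in for `res.location()` before the fix, and `hardenedLocation()` is a hypothetical hardened version written in the spirit of the upstream fix (parse absolute http(s) URLs before encoding), not Express's actual code. The allow list, the attacker input and the hostnames are constructed for the example.

```javascript
// Characters left untouched by encodeurl (RFC 3986 reserved and unreserved
// characters plus "%"). Backslash is NOT in this set, so "\" becomes "%5C".
// This is an approximation written for this example, not the encodeurl package.
const SAFE_CHARS = /^[!#$%&'()*+,\-.\/0-9:;=?@A-Z\[\]_a-z~]$/;

function encodeUrlLikeExpress(url) {
  let out = '';
  for (const ch of String(url)) {
    out += SAFE_CHARS.test(ch) ? ch : encodeURIComponent(ch);
  }
  return out;
}

// A typical redirect allow list: parse the user-supplied target with the
// WHATWG parser and compare its hostname against the hosts we trust.
function hostAllowed(target, allowedHosts) {
  let parsed;
  try {
    parsed = new URL(target); // absolute URL expected
  } catch {
    return false;
  }
  return allowedHosts.includes(parsed.hostname);
}

// Stand-in for res.location() before the fix: the raw string is encoded and
// written to the Location header as-is.
function vulnerableLocation(target) {
  return encodeUrlLikeExpress(target);
}

// Hypothetical hardened version (not Express's code): absolute http(s) URLs are
// first normalised by the WHATWG parser, so the header carries the same
// serialisation the allow list already examined; anything else is just encoded.
function hardenedLocation(target) {
  const loc = String(target);
  if (/^https?:\/\//i.test(loc)) {
    try {
      return encodeUrlLikeExpress(new URL(loc).href);
    } catch {
      // unparseable input falls through to plain encoding
    }
  }
  return encodeUrlLikeExpress(loc);
}

// Where the browser will actually go: the hostname it parses out of the header.
function browserHostname(locationHeader) {
  return new URL(locationHeader).hostname;
}

// Version-independent defence: validate the value that will be sent, not the
// raw input. Returns the header if its hostname is allowed, otherwise null.
function safeRedirectHeader(target, allowedHosts, buildLocation) {
  const header = buildLocation(target);
  let host;
  try {
    host = new URL(header).hostname;
  } catch {
    return null;
  }
  return allowedHosts.includes(host) ? header : null;
}

// Constructed attacker input. For a WHATWG parser the backslash ends the
// authority, so the allow list sees example.com with path "/@evil.com".
// encodeurl then turns "\" into "%5C", and the browser reads "example.com%5C"
// as userinfo and evil.com as the host.
const ALLOWED = ['example.com'];
const MALFORMED = 'http://example.com\\@evil.com';

function demo() {
  const vulnHeader = vulnerableLocation(MALFORMED);
  const fixedHeader = hardenedLocation(MALFORMED);
  return {
    allowListPassed: hostAllowed(MALFORMED, ALLOWED), // true
    vulnHeader,                                      // http://example.com%5C@evil.com
    vulnBrowserHost: browserHostname(vulnHeader),    // evil.com
    fixedHeader,                                     // http://example.com/@evil.com
    fixedBrowserHost: browserHostname(fixedHeader),  // example.com
  };
}

console.log(demo());
console.log(safeRedirectHeader(MALFORMED, ALLOWED, vulnerableLocation)); // null
console.log(safeRedirectHeader(MALFORMED, ALLOWED, hardenedLocation));   // allowed header
```

The point to take from `demo()` is that the allow list and the browser disagree about the same bytes only because a transformation happens between the check and the header. `safeRedirectHeader()` closes that gap regardless of framework version by re-parsing the exact string that goes on the wire; it is cheap insurance even after upgrading.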

Affected Software   Affected Version                                   How to fix
Express.js          < 4.19.0; 5.0.0-alpha.x; 5.0.0-beta.x before beta.3  Upgrade to 4.19.2 or later (5.x pre-releases: 5.0.0-beta.3 or later)



Frequently Asked Questions

  • What is the severity of REDHAT-BUG-2290901?

    The upstream GitHub advisory (GHSA-rv95-896h-c2vc) rates this issue Moderate, with a CVSS 3.x base score of 6.1. An open redirect does not compromise the server directly, so "critical" overstates it; the practical impact is that a link pointing at a trusted host can deliver the victim to an attacker-controlled site.

  • How do I fix REDHAT-BUG-2290901?

    To fix REDHAT-BUG-2290901, upgrade to Express.js 4.19.2 or later; applications on the 5.0 pre-releases should move to 5.0.0-beta.3 or later. Independently of the framework version, validate the `Location` value that will actually be sent (re-parse it and check its hostname) rather than only the raw user-supplied URL.

  • What versions of Express.js are affected by REDHAT-BUG-2290901?

    Express.js versions prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by REDHAT-BUG-2290901.

  • What type of vulnerability is described in REDHAT-BUG-2290901?

    REDHAT-BUG-2290901 describes an open redirect vulnerability in `res.location()` and `res.redirect()`: the `encodeurl` step applied to a user-provided URL can change how a malformed URL is interpreted, allowing it to pass a redirect allow list and still send the browser to a different host.

  • What can happen if REDHAT-BUG-2290901 is exploited?

    Exploitation of REDHAT-BUG-2290901 enables phishing: a link that begins with a trusted domain redirects the victim to a malicious site, and any sensitive values carried in the redirect target can end up in the attacker's hands.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
© 2025 SecAlerts Pty Ltd.