4 matches found
CVE-2022-24794
Express OpenID Connect is an Express JS middleware implementing sign on for Express web apps using OpenID Connect. Users of the requiresAuth middleware, either directly or through the default authRequired option, are vulnerable to an Open Redirect when the middleware is applied to a catch all...
CVE-2022-24794
Express OpenID Connect (express-openid-connect) CVE-2022-24794 describes an Open Redirect vulnerability when requiresAuth is applied on a catch-all route. Affected versions are prior to 2.7.2. The issue arises because the original URL reported by the Express framework is not properly sanitized, a...
CVE-2022-24794 Open Redirect in express-openid-connect
Express OpenID Connect is an Express JS middleware implementing sign on for Express web apps using OpenID Connect. Users of the requiresAuth middleware, either directly or through the default authRequired option, are vulnerable to an Open Redirect when the middleware is applied to a catch all...
@afiether/gateware-kit (>=1.0.0 <=1.2.18), @afiether/kit (>=1.0.0 <=1.2.17) +42 more potentially affected by CVE-2022-24794 via express-openid-connect (>=0.5.0 <=2.20.2)
express-openid-connect NPM version =0.5.0, =1.0.0, =1.0.0, =1.0.0, =2.0.0, =1.0.0, =0.0.2, =1.0.0, =1.0.0, =1.0.0, =1.1.6, =1.2.9 and more Source cves: CVE-2022-24794 Source advisory: OSV:GHSA-7P99-3798-F85C...