Lucene search
+L

4 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 9:35 p.m.14 views

CVE-2022-24794

Express OpenID Connect is an Express JS middleware implementing sign on for Express web apps using OpenID Connect. Users of the requiresAuth middleware, either directly or through the default authRequired option, are vulnerable to an Open Redirect when the middleware is applied to a catch all...

7.5CVSS6.7AI score0.0071EPSS
Exploits0References1
CVE
CVE
added 2022/03/31 10:45 p.m.88 views

CVE-2022-24794

Express OpenID Connect (express-openid-connect) CVE-2022-24794 describes an Open Redirect vulnerability when requiresAuth is applied on a catch-all route. Affected versions are prior to 2.7.2. The issue arises because the original URL reported by the Express framework is not properly sanitized, a...

7.5CVSS6.4AI score0.0071EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/03/31 10:45 p.m.29 views

CVE-2022-24794 Open Redirect in express-openid-connect

Express OpenID Connect is an Express JS middleware implementing sign on for Express web apps using OpenID Connect. Users of the requiresAuth middleware, either directly or through the default authRequired option, are vulnerable to an Open Redirect when the middleware is applied to a catch all...

7.5CVSS7.7AI score0.0071EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2022/03/31 10:44 p.m.4 views

@afiether/gateware-kit (>=1.0.0 <=1.2.18), @afiether/kit (>=1.0.0 <=1.2.17) +42 more potentially affected by CVE-2022-24794 via express-openid-connect (>=0.5.0 <=2.20.2)

express-openid-connect NPM version =0.5.0, =1.0.0, =1.0.0, =1.0.0, =2.0.0, =1.0.0, =0.0.2, =1.0.0, =1.0.0, =1.0.0, =1.1.6, =1.2.9 and more Source cves: CVE-2022-24794 Source advisory: OSV:GHSA-7P99-3798-F85C...

7.5CVSS6.3AI score0.0071EPSS
Exploits0
Rows per page
Query Builder