4 matches found
CVE-2024-29041
A flaw was found in the Express.js minimalist web framework for node. Versions of Express.js before 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL,...
AZL-44361 CVE-2024-29041 affecting package nodejs-nodemon 2.0.3-5
Express.js minimalist web framework for node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL, Express performs an...
CVE-2024-29041 Express.js Open Redirect in malformed URLs
Express.js minimalist web framework for node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL, Express performs an...
CVE-2024-29041
CVE-2024-29041 – Open Redirect in Express.js. Express.js versions prior to 4.19.0 and all pre-release 5.0 alpha/beta are affected by an open redirect via user-provided redirect URLs. The flaw stems from encodeurl usage in res.location()/res.redirect(), allowing bypass of allowlists in redirectio...