EPSS Percentile: 31.2%
oidc-middleware is vulnerable to open redirect. The vulnerability exists because the ensureAuthenticated function of oidcUtil.js does not properly validate the request URLs, allowing an attacker to redirect the user to malicious URLs.
github.com/okta/okta-oidc-middleware/commit/5d10b3ccdd5d6893de4d8b58696094267d30c113
github.com/okta/okta-oidc-middleware/pull/53
github.com/okta/okta-oidc-middleware/security/advisories/GHSA-58h4-9m7m-j9m4