WRITEUP

Exploit for CVE-2024-29041 - Openjsf Express < 4.19.2 - Open Redirect
AI Analysis

This is a patch file addressing CVE-2024-29041, an open redirect vulnerability in Express.js. The patch modifies the `res.location` function to properly encode URLs and prevent bypass of the allow list by ensuring consistent handling of URL encoding and host validation.

Attack Type: open_redirect
Complexity: moderate
Reliability: reliable
MITRE ATT&CK: T1106 - Native API
Vulnerability: CVE-2024-29041
Openjsf Express < 4.19.2 - Open Redirect
Severity: MEDIUM (CVSS 6.1)