
URL Redirection to Untrusted Site ('Open Redirect') in express-openid-connect

Moderate
adamjmcgrath published GHSA-7p99-3798-f85c Mar 29, 2022

Package

npm express-openid-connect (npm)

Affected versions

<=2.7.1

Patched versions

2.7.2

Description

Impact

Users of the requiresAuth middleware, either directly or through the default authRequired option, are vulnerable to an Open Redirect when the middleware is applied to a catch-all route.

If all routes under example.com are protected with the requiresAuth middleware, a visit to http://example.com//google.com will be redirected to google.com after login, because the original URL reported by the Express framework is not properly sanitised before it is used as the post-login return target.
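The following is an added illustration, not code from express-openid-connect or its actual patch: it contrasts taking the Express original URL verbatim as the post-login return target with one way of restricting that target to a same-origin path. The fallback path and the check itself are assumptions; the sample inputs are constructed.

```javascript
// Added example (not the project's code). Shows why a raw Express
// originalUrl is an unsafe "return to" target and one way to constrain it.
const FALLBACK = '/'; // assumption: where to send users when the target is rejected

// Vulnerable pattern: trust the path the request arrived on verbatim.
// A request for http://example.com//google.com reports originalUrl "//google.com",
// which browsers treat as a protocol-relative URL pointing at google.com.
function returnToUnsafe(originalUrl) {
  return originalUrl;
}

// Hardened pattern: accept only targets that stay on the current origin.
function returnToSafe(originalUrl) {
  if (typeof originalUrl !== 'string' || originalUrl === '') return FALLBACK;
  // Resolve against a fixed dummy origin. Anything that changes the origin
  // (absolute URL, "//host", or "/\host", which the WHATWG parser normalises
  // to "//host" for http) is rejected.
  const base = 'http://relative-check.invalid';
  let parsed;
  try {
    parsed = new URL(originalUrl, base);
  } catch {
    return FALLBACK;
  }
  if (parsed.origin !== base) return FALLBACK;
  // Belt and braces: refuse any input whose first two characters are slashes
  // or backslashes, regardless of how a given parser resolved it.
  if (/^[\\/]{2}/.test(originalUrl)) return FALLBACK;
  // Re-emit only the path, query and fragment (no scheme or host).
  return parsed.pathname + parsed.search + parsed.hash;
}
```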

Am I affected?

You are affected by this vulnerability if you are using the requiresAuth middleware on a catch-all route, or the default authRequired option, with express-openid-connect version <=2.7.1.

How do I fix this?

Upgrade to version >=2.7.2.

Will this update impact my users?

The fix provided in the patch will not affect your users.

Severity

Moderate

CVE ID

CVE-2022-24794
