Impact
Users of the requiresAuth
middleware, either directly or through the default authRequired
option, are vulnerable to an Open Redirect when the middleware is applied to a catch all route.
If all routes under example.com
are protected with the requiresAuth
middleware, a visit to http://example.com//google.com
will be redirected to google.com
after login because the original url reported by the Express framework is not properly sanitised.
Am I affected?
You are affected by this vulnerability if you are using the requiresAuth
middleware on a catch all route or the default authRequired
option and express-openid-connect
version <=2.7.1
.
How to fix that?
Upgrade to version >=2.7.2
Will this update impact my users?
The fix provided in the patch will not affect your users.