Description
client-certificate-auth is middleware for Node.js implementing client SSL certificate authentication/authorization. Versions 0.2.1 and 0.3.0 of client-certificate-auth contain an open redirect vulnerability. The middleware unconditionally redirects HTTP requests to HTTPS using the unvalidated Host header, allowing an attacker to redirect users to arbitrary domains. This vulnerability is fixed in 1.0.0.
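The redirect pattern described above, next to a hardened form, as an added example: this is constructed code, not taken from client-certificate-auth or its 1.0.0 fix. The function names, the Express-style `req.secure` flag and the `app.example.test` allowlist are assumptions made for illustration.

```javascript
// Behaviour the advisory describes: the redirect target is built from the
// client-supplied Host header with no validation.
function unvalidatedRedirectTarget(req) {
  return `https://${req.headers.host}${req.url}`;
}

// Hardened form: the Host header is only a lookup key into a fixed allowlist
// (assumption: the operator knows every hostname the service answers for).
function validatedRedirectTarget(req, allowedHosts) {
  const raw = String(req.headers.host || '').trim().toLowerCase();
  // Strip an optional port; reject anything that is not a plain hostname.
  const match = /^([a-z0-9.-]+)(?::\d{1,5})?$/.exec(raw);
  if (!match || !allowedHosts.has(match[1])) return null;
  // Accept only origin-form request targets ("/path"); absolute-form targets
  // and "//host" forms fall back to "/".
  const path = typeof req.url === 'string' && /^\/(?!\/)/.test(req.url) ? req.url : '/';
  return `https://${match[1]}${path}`;
}

// Express-style middleware (hypothetical name): plain HTTP is redirected only
// to an allowlisted host; any other Host value gets a 400 instead of a redirect.
function httpsRedirect(allowedHosts) {
  return function (req, res, next) {
    if (req.secure) return next();
    const target = validatedRedirectTarget(req, allowedHosts);
    if (target === null) {
      res.statusCode = 400;
      return res.end('Bad Request');
    }
    res.statusCode = 301;
    res.setHeader('Location', target);
    res.end();
  };
}

// Constructed sample request: plain HTTP carrying a Host value the server
// does not own.
const sample = { headers: { host: 'attacker.example' }, url: '/login' };
const allowed = new Set(['app.example.test']);
console.log(unvalidatedRedirectTarget(sample));        // follows the header
console.log(validatedRedirectTarget(sample, allowed)); // null, no redirect
```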
EPSS
Percentile: 7%
0.00028
Low
6.1 Medium
CVSS3
Weaknesses
CWE-601
Related vulnerabilities
CVSS3: 6.1
github
3 days ago
client-certificate-auth Vulnerable to Open Redirect via Host Header Injection in HTTP-to-HTTPS redirect