cve/2024/CVE-2024-29041.md
2025-09-29 16:08:36 +00:00

### [CVE-2024-29041](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29041)
![](https://img.shields.io/static/v1?label=Product&message=express&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D4.14.0%2C%20%3C4.19.0%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-1286%3A%20Improper%20Validation%20of%20Syntactic%20Correctness%20of%20Input&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-601%3A%20URL%20Redirection%20to%20Untrusted%20Site%20('Open%20Redirect')&color=brighgreen)
### Description
Express.js is a minimalist web framework for Node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL, Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()`, but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3.
### POC
#### Reference
No PoCs from references.
#### GitHub
- https://github.com/Icare741/TPTrivy
- https://github.com/VulnZap/vulnzap-vscode-extention
- https://github.com/andrewbearsley/lacework-sca-scan-example
- https://github.com/dhushyanth-h-m/Audio_Transcriber
- https://github.com/felipecruz91/biznagafest24
- https://github.com/gunh0/kr-vulhub
- https://github.com/ifunky/demo-site
- https://github.com/qazipoor/React-Clothing-Shop