VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-axqm-hk9c-53gn

Essentials
Severities (40)
References (18)
Severity details (25)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-axqm-hk9c-53gn
Aliases	CVE-2024-29041 GHSA-rv95-896h-c2vc
Summary	Express.js Open Redirect in malformed URLs ### Impact Versions of Express.js prior to 4.19.2 and pre-release alpha and beta versions before 5.0.0-beta.3 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()` but this is also called from within `res.redirect()`. ### Patches https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94 An initial fix went out with `express@4.19.0`, we then patched a feature regression in `4.19.1` and added improved handling for the bypass in `4.19.2`. ### Workarounds The fix for this involves pre-parsing the url string with either `require('node:url').parse` or `new URL`. These are steps you can take on your own before passing the user input string to `res.location` or `res.redirect`. ### Resources https://github.com/expressjs/express/pull/5539 https://github.com/koajs/koa/issues/1800 https://expressjs.com/en/4x/api.html#res.location
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-1286	Improper Validation of Syntactic Correctness of Input
CWE-601	URL Redirection to Untrusted Site ('Open Redirect')
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3	6.1	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29041.json
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2024-29041
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2024-29041
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2024-29041
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2024-29041
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2024-29041
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2024-29041
epss	0.00114	https://api.first.org/data/v1/epss?cve=CVE-2024-29041
epss	0.00154	https://api.first.org/data/v1/epss?cve=CVE-2024-29041
epss	0.00154	https://api.first.org/data/v1/epss?cve=CVE-2024-29041
epss	0.00154	https://api.first.org/data/v1/epss?cve=CVE-2024-29041
epss	0.00154	https://api.first.org/data/v1/epss?cve=CVE-2024-29041
epss	0.00154	https://api.first.org/data/v1/epss?cve=CVE-2024-29041
epss	0.00154	https://api.first.org/data/v1/epss?cve=CVE-2024-29041
epss	0.00154	https://api.first.org/data/v1/epss?cve=CVE-2024-29041
epss	0.00154	https://api.first.org/data/v1/epss?cve=CVE-2024-29041
cvssv3.1	6.1	https://expressjs.com/en/4x/api.html#res.location
generic_textual	MODERATE	https://expressjs.com/en/4x/api.html#res.location
ssvc	Track	https://expressjs.com/en/4x/api.html#res.location
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-rv95-896h-c2vc
cvssv3.1	6.1	https://github.com/expressjs/express
generic_textual	MODERATE	https://github.com/expressjs/express
cvssv3.1	6.1	https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd
generic_textual	MODERATE	https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd
ssvc	Track	https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd
cvssv3.1	6.1	https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94
generic_textual	MODERATE	https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94
ssvc	Track	https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94
cvssv3.1	6.1	https://github.com/expressjs/express/pull/5539
generic_textual	MODERATE	https://github.com/expressjs/express/pull/5539
ssvc	Track	https://github.com/expressjs/express/pull/5539
cvssv3.1	6.1	https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc
cvssv3.1_qr	MODERATE	https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc
generic_textual	MODERATE	https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc
ssvc	Track	https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc
cvssv3.1	6.1	https://github.com/koajs/koa/issues/1800
generic_textual	MODERATE	https://github.com/koajs/koa/issues/1800
ssvc	Track	https://github.com/koajs/koa/issues/1800
cvssv3.1	6.1	https://nvd.nist.gov/vuln/detail/CVE-2024-29041
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2024-29041

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29041.json
		https://api.first.org/data/v1/epss?cve=CVE-2024-29041
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29041
		https://expressjs.com/en/4x/api.html#res.location
		https://github.com/expressjs/express
		https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd
		https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94
		https://github.com/expressjs/express/pull/5539
		https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc
		https://github.com/koajs/koa/issues/1800
		https://nvd.nist.gov/vuln/detail/CVE-2024-29041
1068346		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068346
2290901		https://bugzilla.redhat.com/show_bug.cgi?id=2290901
GHSA-rv95-896h-c2vc		https://github.com/advisories/GHSA-rv95-896h-c2vc
RHSA-2024:3868		https://access.redhat.com/errata/RHSA-2024:3868
RHSA-2024:6211		https://access.redhat.com/errata/RHSA-2024:6211
RHSA-2024:7624		https://access.redhat.com/errata/RHSA-2024:7624
USN-7581-1		https://usn.ubuntu.com/7581-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29041.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://expressjs.com/en/4x/api.html#res.location

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-26T13:59:28Z/ Found at https://expressjs.com/en/4x/api.html#res.location

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/expressjs/express

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-26T13:59:28Z/ Found at https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-26T13:59:28Z/ Found at https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/expressjs/express/pull/5539

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-26T13:59:28Z/ Found at https://github.com/expressjs/express/pull/5539

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-26T13:59:28Z/ Found at https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/koajs/koa/issues/1800

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-26T13:59:28Z/ Found at https://github.com/koajs/koa/issues/1800

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-29041

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.30062
EPSS Score	0.00114
Published At	April 2, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T12:50:54.333031+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/03/GHSA-rv95-896h-c2vc/GHSA-rv95-896h-c2vc.json	38.0.0