CVE-2024-31454: Express Req Url Path Confusion
Extracting path identifiers directly from `req.url` using string manipulation methods like `substring` or `slice` can lead to path confusion vulnerabilities. `req.url` includes the query string, meaning appended query parameters will be included in the extracted string. If downstream logic uses `req.path` or otherwise strips the query string, this discrepanc
greprules fetch cve-2024-31454-express-req-url-path-confusion --engine opengrep
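The mismatch described above, shown as an added example that is not the rule's or Express's own code. `PREFIX`, the function names and the sample URLs are constructed, and `pathOf` is a stand-in for `req.path` built on Node's URL parser so the block runs without Express.

```javascript
// Added example: constructed route prefix and request URLs, no Express dependency.
const PREFIX = '/files/'; // hypothetical route prefix

// Stand-in for Express's req.path: the URL's pathname, query string removed.
function pathOf(reqUrl) {
  return new URL(reqUrl, 'http://localhost').pathname;
}

// Flagged pattern: slices the identifier out of the raw req.url,
// so anything after '?' ends up inside the identifier.
function idFromUrlUnsafe(reqUrl) {
  return reqUrl.substring(PREFIX.length);
}

// Corrected pattern: derive the identifier from the same query-free path
// that downstream checks use, and reject anything that is not a plain ID.
function idFromPath(reqUrl) {
  const path = pathOf(reqUrl);
  if (!path.startsWith(PREFIX)) return null;
  const id = path.slice(PREFIX.length);
  return /^[A-Za-z0-9_-]+$/.test(id) ? id : null;
}

// Reports whether the two views of one request disagree on the identifier.
function compare(reqUrl) {
  const unsafe = idFromUrlUnsafe(reqUrl);
  const safe = idFromPath(reqUrl);
  return { reqUrl, unsafe, safe, confused: unsafe !== safe };
}

// Constructed sample requests.
const samples = ['/files/report42', '/files/report42?download=1', '/files/report42?v=2&fmt=pdf'];
for (const s of samples) console.log(compare(s));
```

A `confused: true` result marks a request where a check made on the path and a lookup made on the sliced `req.url` would be operating on different identifiers.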