CVE-2024-57190: Express Trusted User Header Forwarded Without Stripping Incoming
greprules fetch cve-2024-57190-express-trusted-user-header-forwarded-without-stripping-incoming --engine opengrep

Description
This code writes the authenticated identity to the request 'user' HTTP header (e.g. as a Base64-encoded JSON blob) so it can be forwarded to downstream services, but the surrounding module never calls `delete req.headers['user']` to strip an attacker-supplied incoming 'user' header. An unauthenticated client can therefore set their own 'user' header on reque
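The pattern the description refers to, as an added example that is not the rule's own code or the affected project's code: the vulnerable middleware shape next to the fixed one, run over constructed request objects in plain Node.js. Express itself is not imported; `makeRequest` builds an object with the same `headers`/`session` shape an Express handler would see, and the `forwardIdentityVulnerable`/`forwardIdentityFixed` names, the session layout, and the sample identities are all assumptions made for the example.

```javascript
'use strict';

// Encode the authenticated identity as the description sketches it:
// a Base64-encoded JSON blob placed in the 'user' request header.
function encodeIdentity(identity) {
  return Buffer.from(JSON.stringify(identity)).toString('base64');
}

// VULNERABLE shape (hypothetical, modelled on the rule text): the 'user'
// header is only written when a session exists, so an unauthenticated request
// keeps whatever 'user' header the client sent, and a downstream service
// cannot distinguish it from a server-issued one.
function forwardIdentityVulnerable(req, res, next) {
  if (req.session && req.session.user) {
    req.headers['user'] = encodeIdentity(req.session.user);
  }
  next();
}

// FIXED shape: strip the incoming header unconditionally before anything else,
// then populate it only from the server-side session. Node lowercases header
// names, so 'user' is the only key that needs removing.
function forwardIdentityFixed(req, res, next) {
  delete req.headers['user'];
  if (req.session && req.session.user) {
    req.headers['user'] = encodeIdentity(req.session.user);
  }
  next();
}

// Constructed stand-in for an Express request: a headers map with lowercase
// keys and an optional session object (assumption: the app stores the
// authenticated principal at req.session.user).
function makeRequest({ session, incomingUserHeader }) {
  const headers = { host: 'app.example' };
  if (incomingUserHeader !== undefined) {
    headers['user'] = incomingUserHeader;
  }
  return { headers, session };
}

// Run one middleware over a request and return the resulting 'user' header
// value (undefined means nothing would be forwarded downstream).
function forwardedUserHeader(middleware, req) {
  let nextCalled = false;
  middleware(req, {}, () => { nextCalled = true; });
  if (!nextCalled) throw new Error('middleware did not call next()');
  return req.headers['user'];
}

// Decode the header the way a downstream service would; null when absent or
// not a valid Base64 JSON blob.
function downstreamIdentity(headerValue) {
  if (headerValue === undefined) return null;
  try {
    return JSON.parse(Buffer.from(headerValue, 'base64').toString('utf8'));
  } catch (e) {
    return null;
  }
}

// Constructed sample inputs: a client-supplied 'user' header claiming id 1,
// sent once without a session and once with a genuine session for id 42.
const clientSuppliedHeader = encodeIdentity({ id: 1 });
const unauthenticated = () =>
  makeRequest({ session: undefined, incomingUserHeader: clientSuppliedHeader });
const authenticated = () =>
  makeRequest({ session: { user: { id: 42, role: 'user' } }, incomingUserHeader: clientSuppliedHeader });

console.log('vulnerable, no session :',
  downstreamIdentity(forwardedUserHeader(forwardIdentityVulnerable, unauthenticated())));
console.log('fixed, no session      :',
  downstreamIdentity(forwardedUserHeader(forwardIdentityFixed, unauthenticated())));
console.log('fixed, with session    :',
  downstreamIdentity(forwardedUserHeader(forwardIdentityFixed, authenticated())));
```

The first line printed is the defect: the vulnerable middleware forwards the client's `{ id: 1 }` claim unchanged because no session was present to overwrite it. The fixed version yields `null` for the same request and only ever forwards the session-derived identity. Note that the `delete` must sit in middleware that runs for every route, not only authenticated ones, or the unauthenticated path still leaks through.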
Detection target
Not provided
Recommended fix
Not provided
False-positive notes
Not provided