Tgies - Client-certificate-auth CVE

Filtered by vendor Tgies Subscribe

Filtered by product Client-certificate-auth

Total 1 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2026-25651	1 Tgies	1 Client-certificate-auth	2026-02-24	N/A	6.1 MEDIUM
client-certificate-auth is middleware for Node.js implementing client SSL certificate authentication/authorization. Versions 0.2.1 and 0.3.0 of client-certificate-auth contain an open redirect vulnerability. The middleware unconditionally redirects HTTP requests to HTTPS using the unvalidated Host header, allowing an attacker to redirect users to arbitrary domains. This vulnerability is fixed in 1.0.0.

Vulnerabilities (CVE)