In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsUpgrade @cedar-policy/authorization-for-expressjs to version 0.3.0 or higher.
@cedar-policy/authorization-for-expressjs is a Middlewares to authorize expressJS applications with Cedar
Affected versions of this package are vulnerable to Incorrect Authorization through improper matching of incoming requests using req.originalUrl. An attacker can gain unauthorized access to restricted endpoints by manipulating the query string to bypass intended authorization checks.
This vulnerability can be mitigated by validating and sanitizing incoming request paths before they reach the authorization middleware, and by ensuring applications do not rely solely on the middleware for authorization when defining multiple actions on overlapping path prefixes with different permission levels.