Express.js Authentication Bypass
Description

Express.js is a popular web framework for Node.js. Google Extensible Service Proxy (ESP) is a scalable proxy provided by the Google Cloud Platform (GCP) that adds API management features in front of an OpenAPI or gRPC API backend. When an Express.js API is deployed with case-insensitive routing (the default) behind Google ESP configured with the x-google-allow=all directive, a remote, unauthenticated attacker could craft specific requests to bypass Google ESP authentication on protected API…
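A mitigation sketch for the mismatch described above, as an added example that is not code from the advisory, Express.js or Google ESP. It assumes the proxy matches the paths declared in the API spec case-sensitively while Express matches them case-insensitively, and that `PROTECTED_PATHS` (constructed sample values) mirrors the paths the proxy authenticates; the function names are hypothetical.

```javascript
'use strict';
// Added example: Express-compatible guard, no dependencies.
// Constructed sample of OpenAPI path templates that the proxy authenticates.
const PROTECTED_PATHS = ['/api/v1/users', '/api/v1/orders/{id}'];

// Compile an OpenAPI path template ("/orders/{id}") into an anchored RegExp.
// `flags` is '' for case-sensitive matching or 'i' for case-insensitive.
function templateToRegex(template, flags) {
  const source = template
    .split(/(\{[^}]+\})/) // keep "{param}" tokens as separate parts
    .map((part) => (/^\{[^}]+\}$/.test(part)
      ? '[^/]+' // a path parameter matches one segment
      : part.replace(/[.*+?^${}()|[\]\\]/g, '\\$&'))) // escape literal text
    .join('');
  // Optional trailing slash, because Express's default non-strict routing
  // treats "/foo" and "/foo/" as the same route.
  return new RegExp('^' + source + '/?$', flags);
}

// 'exact'        : matches a declared path with identical case
// 'case-variant' : matches a declared path only when case is ignored
// 'undeclared'   : matches no declared path at all
function classifyPath(path, templates = PROTECTED_PATHS) {
  if (templates.some((t) => templateToRegex(t, '').test(path))) return 'exact';
  if (templates.some((t) => templateToRegex(t, 'i').test(path))) {
    return 'case-variant';
  }
  return 'undeclared';
}

// Middleware: answer 404 for case variants of protected paths so the backend
// never serves a route under a spelling the proxy did not authenticate.
function rejectCaseVariants(templates = PROTECTED_PATHS) {
  return function guard(req, res, next) {
    if (classifyPath(req.path, templates) === 'case-variant') {
      res.statusCode = 404;
      return res.end('Not Found');
    }
    return next();
  };
}
```

Register the guard before any routes with `app.use(rejectCaseVariants())`. Express also has a built-in setting, `app.set('case sensitive routing', true)`, that makes the router itself match case exactly.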
