LOW PRIORITY FIX Monitor
This vulnerability is not widely exploited.
No urgency. Patch when a fix becomes available.

Express open redirect

Open redirect vulnerability in Express response.redirect()

Severity (CVSS): MEDIUM 6.1
Exploitation (Shoulder): No known exploits
Fix available: No patch yet
CVE-2024-29041 npm / Express

How to fix

Affected packages

npm Express

Is this in your code?

Shoulder scans your codebase and tells you if CVE-2024-29041 is reachable — not just present.

npx @shoulderdev/cli trust .
Technical details

Risk by Environment

Production (public-facing): MEDIUM. Schedule patch in next sprint.
Staging: LOW. Patch when convenient.
Internal services: LOW. Low priority unless handling sensitive data.
Local dev only: LOW. Minimal concern for isolated environments.