Unknown · Client-Certificate-Auth · CVE-2026-25651
**Name of the Vulnerable Software and Affected Versions**
client-certificate-auth versions 0.2.1 through 0.3.0
**Description**
The software is middleware for Node.js that implements client SSL certificate authentication and authorization. Versions 0.2.1 through 0.3.0 contain an open redirect issue. The middleware unconditionally redirects plain-HTTP requests to HTTPS and builds the redirect target from the unvalidated `Host` header, so a request carrying an attacker-chosen `Host` value produces a `Location` header pointing at an arbitrary domain. The vulnerable code is located in `lib/clientCertificateAuth.js`. The issue can lead to phishing attacks, OAuth/SSO token theft, referer leakage, and cache poisoning. Exploitation requires plain-HTTP traffic to reach the application, either because there is no TLS termination in front of it or because the `x-forwarded-proto` header is not set correctly by the proxy. The vulnerable redirect behavior has been removed in version 1.0.0.
**Recommendations**
Upgrade to client-certificate-auth version 1.0.0 or later.
If upgrading is not immediately possible, block HTTP traffic at the network or load balancer level.
Ensure your reverse proxy always sets `x-forwarded-proto: https` on traffic it has TLS-terminated, and that the application only honours that header on connections that actually come from the proxy, since a client talking to the application directly can supply the header itself.
Add middleware before `clientCertificateAuth` to validate the `Host` header against an allowlist.
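The following is an added illustration, not code from client-certificate-auth or from the advisory: it shows the shape of the redirect described above (a `Location` assembled from the raw `Host` header) beside a hardened chain that first validates `Host` against an operator allowlist and then redirects to HTTPS using only the validated value, treating `x-forwarded-proto` as meaningful only when the peer address is a known proxy. The `req.validatedHost` property, the `runChain` harness, the host and proxy addresses, and the sample requests are all assumptions constructed for the example; it uses only the Node.js standard library.

```javascript
// Added example (not code from client-certificate-auth): unsafe Host-based
// redirect next to a hardened allowlist + HTTPS-redirect middleware chain.
'use strict';

// Shape of the bug: the Location header is built from the client-controlled
// Host header, so "Host: evil.example" redirects the user to evil.example.
function unsafeRedirectLocation(req) {
  return 'https://' + req.headers.host + req.url;
}

// hostname[:port] with DNS-style labels only (IPv6 literals are out of scope here).
const HOST_RE = /^([a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?(?:\.[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?)*)(?::(\d{1,5}))?$/i;

// Canonicalise a Host header: lowercase hostname, numeric port kept as given.
// Anything that is not a plain authority (userinfo, a path, whitespace, a
// second host after a comma) fails the regex and yields null.
function normalizeHost(value) {
  if (typeof value !== 'string') return null;
  const m = HOST_RE.exec(value);
  if (!m) return null;
  const hostname = m[1].toLowerCase();
  if (m[2] === undefined) return hostname;
  const port = Number(m[2]);
  if (port < 1 || port > 65535) return null;
  return hostname + ':' + port;
}

// Middleware: reject requests whose Host is not one the operator serves.
// Installed before any redirecting middleware, this is the stop-gap the
// advisory suggests for deployments that cannot upgrade immediately.
function hostAllowlist(allowedHosts) {
  const allowed = new Set(allowedHosts.map(normalizeHost));
  if (allowed.has(null)) throw new Error('invalid entry in host allowlist');
  return function (req, res, next) {
    const host = normalizeHost(req.headers.host);
    if (host === null || !allowed.has(host)) {
      res.statusCode = 400;
      res.setHeader('Content-Type', 'text/plain');
      res.end('Bad Request: unrecognised Host header\n');
      return;
    }
    req.validatedHost = host; // hypothetical property name read by httpsRedirect below
    next();
  };
}

// Is this request already over TLS? True for a native TLS socket, or when a
// trusted proxy (identified by remote address) says x-forwarded-proto: https.
// A client connecting directly cannot spoof the header past this check.
function isHttps(req, trustedProxies) {
  if (req.socket && req.socket.encrypted) return true;
  const remote = req.socket ? req.socket.remoteAddress : undefined;
  if (!trustedProxies.includes(remote)) return false;
  const proto = String(req.headers['x-forwarded-proto'] || '').split(',')[0].trim().toLowerCase();
  return proto === 'https';
}

// Middleware: redirect plaintext requests to HTTPS using the validated host,
// never the raw header. Must run after hostAllowlist.
function httpsRedirect(trustedProxies) {
  return function (req, res, next) {
    if (isHttps(req, trustedProxies)) return next();
    if (!req.validatedHost) throw new Error('httpsRedirect must run after hostAllowlist');
    // req.url is path+query in origin-form; anything else collapses to "/"
    const path = typeof req.url === 'string' && req.url.startsWith('/') ? req.url : '/';
    res.statusCode = 301;
    res.setHeader('Location', 'https://' + req.validatedHost + path);
    res.end();
  };
}

// Minimal in-memory stand-in for Node's ServerResponse so the chain runs offline.
function mockResponse() {
  const res = { statusCode: 200, headers: {}, body: '', ended: false };
  res.setHeader = (k, v) => { res.headers[k.toLowerCase()] = v; };
  res.end = (body) => { res.body = body || ''; res.ended = true; };
  return res;
}

// Run middlewares in order; reachedApp is true only if every one called next().
function runChain(middlewares, req) {
  const res = mockResponse();
  let reachedApp = false;
  const step = (i) => {
    if (i === middlewares.length) { reachedApp = true; return; }
    middlewares[i](req, res, () => step(i + 1));
  };
  step(0);
  return { res, reachedApp };
}

// Constructed sample requests: an attacker-supplied Host arriving over plain
// HTTP, and a legitimate request relayed by the (assumed) trusted proxy 10.0.0.5.
const chain = [hostAllowlist(['app.example', 'app.example:8443']), httpsRedirect(['10.0.0.5'])];
const spoofed = { headers: { host: 'evil.example' }, url: '/login?next=/acct', socket: { remoteAddress: '203.0.113.9' } };
const viaProxy = { headers: { host: 'App.Example', 'x-forwarded-proto': 'https' }, url: '/login', socket: { remoteAddress: '10.0.0.5' } };

console.log('unsafe Location:', unsafeRedirectLocation(spoofed));           // https://evil.example/login?next=/acct
console.log('hardened status:', runChain(chain, spoofed).res.statusCode);    // 400
console.log('via proxy reaches app:', runChain(chain, viaProxy).reachedApp); // true
```

The allowlist compares the full `hostname[:port]` string, so an entry must exist for every host and non-default port the service is reached on; matching on hostname alone would let `app.example:1` through. The proxy check is by source address only because that is all a plain HTTP connection offers; where the proxy can be configured to do so, preferring a dedicated private network or mTLS between proxy and application is stronger than address matching.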