Getting suspicious error on Nodejs web app

Question

I am getting the following error in my Nodejs running app:

URIError: Failed to decode param '/cgi-bin/.%%%%32%%65/.%%%%32%%65/.%%%%32%%65/.%%%%32%%65/.%%%%32%%65/bin/sh'

What could be the cause and how to solve it ?

I searched for this error on web but did not found any results on how to solve the problem

Answer 1

Thank you @devpolo , using the following lines of code, solved my problem:

app.use(function(req, res, next) {
var err = null;
try {
    decodeURIComponent(req.path)
}
catch(e) {
    err = e;
}
if (err){
    console.log(err, req.url);
    return res.redirect('/404');    
}
next(); });

Answer 2

More about this vulnerability exploration: https://nvd.nist.gov/vuln/detail/CVE-2021-42013

simplifying:

app.use(function(req, res, next) {

try {
    decodeURIComponent(req.path)
}
catch(e) {
    console.log(new Date().toLocaleString(), req.url, e);
    return res.redirect('/404'); 
}
next(); });