4 matches found
EUVD-2025-32379
Two unauthenticated diagnostic endpoints allow arbitrary backend-initiated network connections to an attacker‑supplied destination. Both endpoints are exposed with permission = 'any', enabling unauthenticated SSRF for internal network scanning and service interaction. This issue affects...
CVE-2025-32379
Koa is expressive middleware for Node.js using ES2017 async functions. In koa 2.16.1 and 3.0.0-alpha.5, passing untrusted user input to ctx.redirect even after sanitizing it, may execute javascript code on the user who use the app. This issue is patched in 2.16.1 and 3.0.0-alpha.5...
CVE-2025-32379 XSS at ctx.redirect() function in Koajs
Koa is expressive middleware for Node.js using ES2017 async functions. In koa 2.16.1 and 3.0.0-alpha.5, passing untrusted user input to ctx.redirect even after sanitizing it, may execute javascript code on the user who use the app. This issue is patched in 2.16.1 and 3.0.0-alpha.5...
3dshex (>=0.1.0 <=0.5.3), 91jin (>=0.1.4 <=0.1.8) +1813 more potentially affected by CVE-2025-32379 via koa (>=0.0.1 <=2.16.0)
koa NPM version =0.0.1, =0.1.0, =0.1.4, =1.0.0, =1.0.0, =0.1.0, =3.10.1, =3.7.0, =4.25.19-patch.1, =0.0.1, =0.3.1, =0.0.1, =0.0.94 and more Source cves: CVE-2025-32379 Source advisory: OSV:GHSA-X2RG-Q646-7M2V...