GHSA-X2RG-Q646-7M2V Koajs vulnerable to Cross-Site Scripting (XSS) at ctx.redirect() function
Summary In koa 2.16.1 and 3.0.0-alpha.5, passing untrusted user input to ctx.redirect even after sanitizing it, may execute javascript code on the user who use the app. Patches This issue is patched in 2.16.1 and 3.0.0-alpha.5. PoC Coming soon... Impact 1. Redirect user to another phishing site 2...