Lucene search
+L

5 matches found

vulnersOsv
vulnersOsv
added 2025/02/12 7:23 p.m.12 views

@24hr/content-next (>=1.0.0 <=3.0.17), @akemona-org/strapi (>=3.10.1 <=3.17.2) +775 more potentially affected by CVE-2025-25200 via koa (>=2.0.0 <=2.15.3)

koa NPM version =2.0.0, =1.0.0, =3.10.1, =3.7.0, =4.25.19-patch.1, =0.0.1, =0.3.1, =0.0.1, =0.0.50, =0.0.7, =1.0.1, =0.0.0, =0.4.2-alpha.0, =0.15.0 and more Source cves: CVE-2025-25200 Source advisory: OSV:GHSA-593F-38F6-JP5M...

9.2CVSS6AI score0.00811EPSS
Exploits0
NVD
NVD
added 2025/02/12 6:15 p.m.28 views

CVE-2025-25200

Koa is expressive middleware for Node.js using ES2017 async functions. Prior to versions 0.21.2, 1.7.1, 2.15.4, and 3.0.0-alpha.3, Koa uses an evil regex to parse the X-Forwarded-Proto and X-Forwarded-Host HTTP headers. This can be exploited to carry out a Denial-of-Service attack. Versions 0.21....

9.2CVSS0.00811EPSS
Exploits0References7
Circl
Circl
added 2025/02/12 6:8 p.m.20 views

CVE-2025-25200

creationtimestamp| type| source ---|---|--- 2025-02-12 18:08:28+00:00| seen| https://infosec.exchange/users/cve/statuses/113992250696737741 2025-02-12 18:15:55+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lhyrreespr2i 2025-02-12 20:13:59+00:00| seen|...

9.2CVSS6AI score0.00811EPSS
Exploits0References4
CVE
CVE
added 2025/02/12 5:59 p.m.91 views

CVE-2025-25200

CVE-2025-25200 — Koa (Node.js): A regex-based issue in Koa’s header parsing (X-Forwarded-Proto/Host) before versions 0.21.2, 1.7.1, 2.15.4, and 3.0.0-alpha.3 can be exploited to cause a Denial-of-Service. The fix is included in those versions (and later). The vulnerability stems from an inefficie...

9.2CVSS6.5AI score0.00811EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2025/02/12 5:59 p.m.14 views

CVE-2025-25200 Koa has Inefficient Regular Expression Complexity

Koa is expressive middleware for Node.js using ES2017 async functions. Prior to versions 0.21.2, 1.7.1, 2.15.4, and 3.0.0-alpha.3, Koa uses an evil regex to parse the X-Forwarded-Proto and X-Forwarded-Host HTTP headers. This can be exploited to carry out a Denial-of-Service attack. Versions 0.21....

9.2CVSS5.7AI score0.00811EPSS
Exploits0References9
Rows per page
Query Builder