5 matches found
@24hr/content-next (>=1.0.0 <=3.0.17), @akemona-org/strapi (>=3.10.1 <=3.17.2) +775 more potentially affected by CVE-2025-25200 via koa (>=2.0.0 <=2.15.3)
koa NPM version =2.0.0, =1.0.0, =3.10.1, =3.7.0, =4.25.19-patch.1, =0.0.1, =0.3.1, =0.0.1, =0.0.50, =0.0.7, =1.0.1, =0.0.0, =0.4.2-alpha.0, =0.15.0 and more Source cves: CVE-2025-25200 Source advisory: OSV:GHSA-593F-38F6-JP5M...
CVE-2025-25200
Koa is expressive middleware for Node.js using ES2017 async functions. Prior to versions 0.21.2, 1.7.1, 2.15.4, and 3.0.0-alpha.3, Koa uses an evil regex to parse the X-Forwarded-Proto and X-Forwarded-Host HTTP headers. This can be exploited to carry out a Denial-of-Service attack. Versions 0.21....
CVE-2025-25200
creationtimestamp| type| source ---|---|--- 2025-02-12 18:08:28+00:00| seen| https://infosec.exchange/users/cve/statuses/113992250696737741 2025-02-12 18:15:55+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lhyrreespr2i 2025-02-12 20:13:59+00:00| seen|...
CVE-2025-25200
CVE-2025-25200 — Koa (Node.js): A regex-based issue in Koa’s header parsing (X-Forwarded-Proto/Host) before versions 0.21.2, 1.7.1, 2.15.4, and 3.0.0-alpha.3 can be exploited to cause a Denial-of-Service. The fix is included in those versions (and later). The vulnerability stems from an inefficie...
CVE-2025-25200 Koa has Inefficient Regular Expression Complexity
Koa is expressive middleware for Node.js using ES2017 async functions. Prior to versions 0.21.2, 1.7.1, 2.15.4, and 3.0.0-alpha.3, Koa uses an evil regex to parse the X-Forwarded-Proto and X-Forwarded-Host HTTP headers. This can be exploited to carry out a Denial-of-Service attack. Versions 0.21....