GHSA-G8MR-FGFG-5QPC Koa Vulnerable to Open Redirect via Trailing Double-Slash (//) in back Redirect Logic
Summary: A bypass was discovered in the Koa.js framework affecting its back redirect functionality. In certain circumstances, an attacker can manipulate the Referer header to force a user’s browser to navigate to an external, potentially malicious website. This occurs because the implementation...