3 matches found
CVE-2025-62595 Koa Vulnerable to Open Redirect via Trailing Double-Slash (//) in back Redirect Logic
Koa is expressive middleware for Node.js using ES2017 async functions. In versions 2.16.2 to before 2.16.3 and 3.0.1 to before 3.0.3, a bypass to CVE-2025-8129 was discovered in the Koa.js framework affecting its back redirect functionality. In certain circumstances, an attacker can manipulate th...
CVE-2025-62595 Koa Vulnerable to Open Redirect via Trailing Double-Slash (//) in back Redirect Logic
Koa is expressive middleware for Node.js using ES2017 async functions. In versions 2.16.2 to before 2.16.3 and 3.0.1 to before 3.0.3, a bypass to CVE-2025-8129 was discovered in the Koa.js framework affecting its back redirect functionality. In certain circumstances, an attacker can manipulate th...
GHSA-G8MR-FGFG-5QPC Koa Vulnerable to Open Redirect via Trailing Double-Slash (//) in back Redirect Logic
Summary: A bypass was discovered in the Koa.js framework affecting its back redirect functionality. In certain circumstances, an attacker can manipulate the Referer header to force a user’s browser to navigate to an external, potentially malicious website. This occurs because the implementation...