LOW🇵🇱 Wersja polska

CVE-2025-8129

CVSS 2.0v4.0pub. 2025-07-25upd. 2026-04-29

A vulnerability, which was classified as problematic, was found in KoaJS Koa up to 3.0.0. Affected is the function back in the library lib/response.js of the component HTTP Header Handler. The manipulation of the argument Referrer leads to open redirect. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Koajs Koa

    APP
    Koajs
    3.0.02.0.0 – 2.16.2 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-25200CRITICAL9.2PL ✓ten sam produkt

Atak DoS przez podatność ReDoS w nagłówkach HTTP w Koa (Node.js)

CVE-2026-27959HIGH7.5ten sam produkt

Koa is middleware for Node.js using ES2017 async functions. Prior to versions 3.1.2 and 2.16.4, Koa's `ctx.hos...

CVE-2025-62595MEDIUM4.3ten sam produkt

Koa is expressive middleware for Node.js using ES2017 async functions. In versions 2.16.2 to before 2.16.3 and...

CVE-2025-32379MEDIUM5.0ten sam produkt

Koa is expressive middleware for Node.js using ES2017 async functions. In koa < 2.16.1 and < 3.0.0-alpha.5, pa...

CVE-2023-49803HIGH8.6ten sam vendor

@koa/cors npm provides Cross-Origin Resource Sharing (CORS) for koa, a web framework for Node.js. Prior to ver...