GHSA-mvw6-62qv-vmqf – koa
Package
Manager: npm
Name: koa
Vulnerable Version: <0
Severity
Level: Low
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
EPSS: N/A (percentile: N/A)
Details
Duplicate Advisory: Koa Open Redirect via Referrer Header (User-Controlled)

### Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-jgmv-j7ww-jx2x. This link is maintained to preserve external references.

### Original Description
A vulnerability, which was classified as problematic, was found in KoaJS Koa up to 3.0.0. Affected is the function `back` in the library `lib/response.js` of the component HTTP Header Handler. The manipulation of the argument Referrer leads to open redirect. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Metadata
Created: 2025-07-25T06:30:30Z
Modified: 2025-07-29T19:06:04Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/07/GHSA-mvw6-62qv-vmqf/GHSA-mvw6-62qv-vmqf.json
CWE IDs: ["CWE-601"]
Alternative ID: N/A
Finding: N/A
Auto approve: 0