CVE-2025-8129

Опубликовано: 25 июл. 2025

Источник: nvd

CVSS3: 3.5

CVSS2: 4

EPSS Низкий

Описание

A vulnerability, which was classified as problematic, was found in KoaJS Koa up to 3.0.0. Affected is the function back in the library lib/response.js of the component HTTP Header Handler. The manipulation of the argument Referrer leads to open redirect. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Ссылки

https://github.com/koajs/koa/issues/1892
https://github.com/koajs/koa/issues/1892#issue-3213028583
https://vuldb.com/?ctiid.317514
https://vuldb.com/?id.317514
https://vuldb.com/?submit.619741
https://github.com/koajs/koa/issues/1892

EPSS

Процентиль: 6%

0.00029

Низкий

3.5 Low

CVSS3

4 Medium

CVSS2

Дефекты

CWE-601

Связанные уязвимости

CVE-2025-8129

CVSS3: 3.5

debian

около 1 месяца назад

A vulnerability, which was classified as problematic, was found in Koa ...

GHSA-jgmv-j7ww-jx2x

CVSS3: 3.5

github

28 дней назад

Koa Open Redirect via Referrer Header (User-Controlled)

EPSS

Процентиль: 6%

0.00029

Низкий

3.5 Low

CVSS3

4 Medium

CVSS2

Дефекты

CWE-601