Описание
A vulnerability, which was classified as problematic, was found in KoaJS Koa up to 3.0.0. Affected is the function back in the library lib/response.js of the component HTTP Header Handler. The manipulation of the argument Referrer leads to open redirect. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Ссылки
- ExploitIssue TrackingPatchVendor Advisory
- ExploitIssue TrackingPatchThird Party AdvisoryVendor Advisory
- Permissions RequiredVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- ExploitIssue TrackingPatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 2.0.0 (включая) до 2.16.2 (исключая)
Одно из
cpe:2.3:a:koajs:koa:*:*:*:*:*:node.js:*:*
cpe:2.3:a:koajs:koa:3.0.0:-:*:*:*:node.js:*:*
cpe:2.3:a:koajs:koa:3.0.0:alpha0:*:*:*:node.js:*:*
cpe:2.3:a:koajs:koa:3.0.0:alpha1:*:*:*:node.js:*:*
cpe:2.3:a:koajs:koa:3.0.0:alpha2:*:*:*:node.js:*:*
cpe:2.3:a:koajs:koa:3.0.0:alpha3:*:*:*:node.js:*:*
cpe:2.3:a:koajs:koa:3.0.0:alpha4:*:*:*:node.js:*:*
cpe:2.3:a:koajs:koa:3.0.0:alpha5:*:*:*:node.js:*:*
EPSS
Процентиль: 15%
0.0005
Низкий
3.5 Low
CVSS3
6.1 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-601
Связанные уязвимости
CVSS3: 3.5
debian
7 месяцев назад
A vulnerability, which was classified as problematic, was found in Koa ...
CVSS3: 3.5
github
6 месяцев назад
Koa Open Redirect via Referrer Header (User-Controlled)
EPSS
Процентиль: 15%
0.0005
Низкий
3.5 Low
CVSS3
6.1 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-601