Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2025-8129

Опубликовано: 25 июл. 2025
Источник: nvd
CVSS3: 3.5
CVSS3: 6.1
CVSS2: 4
EPSS Низкий

Описание

A vulnerability, which was classified as problematic, was found in KoaJS Koa up to 3.0.0. Affected is the function back in the library lib/response.js of the component HTTP Header Handler. The manipulation of the argument Referrer leads to open redirect. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:koajs:koa:*:*:*:*:*:node.js:*:*
Версия от 2.0.0 (включая) до 2.16.2 (исключая)
cpe:2.3:a:koajs:koa:3.0.0:-:*:*:*:node.js:*:*
cpe:2.3:a:koajs:koa:3.0.0:alpha0:*:*:*:node.js:*:*
cpe:2.3:a:koajs:koa:3.0.0:alpha1:*:*:*:node.js:*:*
cpe:2.3:a:koajs:koa:3.0.0:alpha2:*:*:*:node.js:*:*
cpe:2.3:a:koajs:koa:3.0.0:alpha3:*:*:*:node.js:*:*
cpe:2.3:a:koajs:koa:3.0.0:alpha4:*:*:*:node.js:*:*
cpe:2.3:a:koajs:koa:3.0.0:alpha5:*:*:*:node.js:*:*

EPSS

Процентиль: 19%
0.00059
Низкий

3.5 Low

CVSS3

6.1 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-601

Связанные уязвимости

redhat логотип

CVE-2025-8129

CVSS3: 6.1
redhat
8 месяцев назад

A vulnerability, which was classified as problematic, was found in KoaJS Koa up to 3.0.0. Affected is the function back in the library lib/response.js of the component HTTP Header Handler. The manipulation of the argument Referrer leads to open redirect. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

debian логотип

CVE-2025-8129

CVSS3: 3.5
debian
8 месяцев назад

A vulnerability, which was classified as problematic, was found in Koa ...

github логотип

GHSA-jgmv-j7ww-jx2x

CVSS3: 3.5
github
8 месяцев назад

Koa Open Redirect via Referrer Header (User-Controlled)

EPSS

Процентиль: 19%
0.00059
Низкий

3.5 Low

CVSS3

6.1 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-601