CNNVD-202507-3166 Information

CNNVD ID

CNNVD-202507-3166

CVE-2025-8129

  • CNNVD Published: 2025-07-25

Description

koa is an open-source expressive middleware framework for Node.js from Koa.js. koa 3.0.0 and earlier versions contain a security vulnerability that stems from improper handling of the Referrer parameter in the HTTP header handling component, which may lead to an open redirect.

Hazard Level

Critical

Vulnerability Type

Other

Affected Vendor

Koa.js

Published

2025-07-25

Last Modified

2026-02-24

References

  • https://github.com/koajs/koa/issues/1892
  • https://github.com/koajs/koa/issues/1892#issue-3213028583
  • https://vuldb.com/?ctiid.317514
  • https://vuldb.com/?id.317514
  • https://vuldb.com/?submit.619741
  • https://access.redhat.com/security/cve/cve-2025-8129

Patch

https://github.com/koajs/koa/releases
