CNNVD-202510-2733 Information

CNNVD ID

CNNVD-202510-2733

CVE-2025-62595

  • CNNVD Published: 2025-10-21

Description (Chinese)

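koa is an open-source expressive middleware for Node.js from Koa.js. koa versions from 2.16.2 up to but not including 2.16.3, and from 3.0.1 up to but not including 3.0.3, contain an input validation error vulnerability. The vulnerability stems from incorrect handling of specially crafted URLs and may lead to redirect attacks.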

Description (English)

koa is an open-source expressive middleware for Node.js from Koa.js. koa versions from 2.16.2 up to but not including 2.16.3, and from 3.0.1 up to but not including 3.0.3, contain an input validation error vulnerability, which stems from incorrect handling of specially crafted URLs and may lead to a redirect attack.

Hazard Level

High

Vulnerability Type

Input validation error

Affected Vendor

Koa.js

Published

2025-10-21

Last Modified

2026-02-24

References

https://github.com/koajs/koa/commit/769fd75cc6b30d72493b370b5a3ae2332ca03c5b
https://github.com/koajs/koa/security/advisories/GHSA-g8mr-fgfg-5qpc

Patch

https://github.com/koajs/koa/releases
