Moderate severityNVD Advisory· Published Apr 9, 2025· Updated Apr 9, 2025
XSS at ctx.redirect() function in Koajs
CVE-2025-32379
Description
Koa is expressive middleware for Node.js using ES2017 async functions. In koa < 2.16.1 and < 3.0.0-alpha.5, passing untrusted user input to ctx.redirect() even after sanitizing it, may execute javascript code on the user who use the app. This issue is patched in 2.16.1 and 3.0.0-alpha.5.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
koanpm | < 2.16.1 | 2.16.1 |
koanpm | >= 3.0.0-alpha.1, < 3.0.0-alpha.5 | 3.0.0-alpha.5 |
Affected products
2Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-x2rg-q646-7m2vghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-32379ghsaADVISORY
- github.com/koajs/koa/commit/ff25eb4a7f2392df46481fe86355161067687312ghsax_refsource_MISCWEB
- github.com/koajs/koa/security/advisories/GHSA-x2rg-q646-7m2vghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.