VYPR
Moderate severity · NVD Advisory · Published Apr 9, 2025 · Updated Apr 9, 2025

XSS at ctx.redirect() function in Koajs

CVE-2025-32379

Description

Koa is expressive middleware for Node.js using ES2017 async functions. In koa < 2.16.1 and < 3.0.0-alpha.5, passing untrusted user input to ctx.redirect(), even after sanitizing it, may cause JavaScript code to execute for users of the app. This issue is patched in 2.16.1 and 3.0.0-alpha.5.
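Upgrading to a patched release is the fix. As a separate layer, user-supplied redirect targets can be restricted to an allow-list before they reach ctx.redirect(). The block below is an added example, not code from Koa or from the advisory; `safeRedirectTarget`, `APP_ORIGIN`, `ALLOWED_HOSTS` and the example.test hosts are hypothetical names and constructed values.

```javascript
// Added example: validate an untrusted redirect target before ctx.redirect().
// All names and hosts here are hypothetical / constructed for illustration.
const APP_ORIGIN = 'https://app.example.test';
const ALLOWED_HOSTS = new Set(['app.example.test', 'sso.example.test']);
const FALLBACK = APP_ORIGIN + '/';

function safeRedirectTarget(untrusted) {
  if (typeof untrusted !== 'string' || untrusted.length === 0) return FALLBACK;

  // Refuse control characters and backslashes: browsers may normalise them
  // differently from the server-side parse done below.
  if (/[\u0000-\u001f\u007f\\]/.test(untrusted)) return FALLBACK;

  let url;
  try {
    // Relative inputs ("/account") are resolved against our own origin.
    url = new URL(untrusted, APP_ORIGIN);
  } catch {
    return FALLBACK;
  }

  // Scheme allow-list: anything that is not https (javascript:, data:, ...)
  // is rejected outright rather than "cleaned".
  if (url.protocol !== 'https:') return FALLBACK;

  // Host allow-list, and no embedded credentials ("https://a@b/").
  if (!ALLOWED_HOSTS.has(url.hostname)) return FALLBACK;
  if (url.username !== '' || url.password !== '') return FALLBACK;

  // Hand back the parser's absolute serialisation, never the raw input,
  // so a path such as "//other.host" cannot be reinterpreted as a host.
  return url.href;
}

// Usage inside a Koa handler (ctx.query and ctx.redirect are Koa's own API):
//   ctx.redirect(safeRedirectTarget(ctx.query.next));
```
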

Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Affected versions | Patched versions
koa (npm) | < 2.16.1 | 2.16.1
koa (npm) | >= 3.0.0-alpha.1, < 3.0.0-alpha.5 | 3.0.0-alpha.5
