The vulnerability is an open redirect in the back function of the Koa response object, located in lib/response.js. The original code trusted the Referrer HTTP header without any validation and used its value as the redirect target. An attacker can therefore craft a request whose Referrer header points to an external domain under their control; when the application calls ctx.response.back(), the user is redirected to the attacker's site.

The patch addresses this by validating the header before redirecting. It checks whether the Referrer is a relative path (starts with '/') or, if it is an absolute URL, whether its hostname matches the application's own hostname. If the Referrer belongs to a different origin, the redirect to it is abandoned and the safe fallback ('/') is used instead.

The vulnerable function is clearly response.back, since it is the code that consumes the untrusted Referrer header and performs the redirection.
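The following is an added example, not Koa's own code and not the patch itself: it models the pre-patch behaviour described above beside a hardened version implementing the same-origin check the patch introduces, and runs both over constructed Referrer values. The function and variable names (vulnerableBack, safeBack, compare, SAMPLES) and the hostname app.example are assumptions. It goes slightly beyond the described check in two places, both labelled in the code: a value starting with "//" is treated as a scheme-relative URL rather than a relative path, and only http/https absolute URLs are accepted.

```javascript
// Added example, not Koa's code. Models the open-redirect check described
// in the advisory; names are hypothetical. Uses Node's global WHATWG URL.

// Pre-patch behaviour as described: the Referrer header value is used as
// the redirect Location with no checks at all.
function vulnerableBack(referrer, alt) {
  return referrer || alt || '/';
}

// Patched behaviour: accept a same-app relative path or an absolute URL
// whose hostname is our own; anything else falls back to a safe path.
function safeBack(referrer, appHostname, alt) {
  const fallback = alt || '/';
  if (typeof referrer !== 'string' || referrer.length === 0) return fallback;

  if (referrer.startsWith('/')) {
    // Assumption beyond the described check: "//host/path" is a
    // scheme-relative URL that a browser would resolve to another origin,
    // so it is rejected rather than treated as a relative path.
    return referrer.startsWith('//') ? fallback : referrer;
  }

  // Absolute URL: parse it and compare the hostname with our own.
  let parsed;
  try {
    parsed = new URL(referrer);
  } catch (e) {
    return fallback; // unparseable value: do not redirect to it
  }
  // Assumption beyond the described check: only web schemes are allowed,
  // so a matching hostname under another scheme still falls back.
  if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') return fallback;
  return parsed.hostname === appHostname.toLowerCase() ? referrer : fallback;
}

// Constructed sample Referrer values, as requests could carry them.
const SAMPLES = [
  '/account',                      // same-app relative path
  'https://app.example/orders',    // absolute URL, our hostname
  'https://evil.example/phish',    // absolute URL, foreign hostname
  '//evil.example/phish',          // scheme-relative URL
  'ftp://app.example/file',        // our hostname, non-web scheme
  '',                              // header absent or empty
];

// Compare old and new behaviour side by side for each sample.
function compare(appHostname) {
  return SAMPLES.map((ref) => ({
    referrer: ref,
    before: vulnerableBack(ref),
    after: safeBack(ref, appHostname),
  }));
}

if (typeof require !== 'undefined' && require.main === module) {
  console.table(compare('app.example'));
}

if (typeof module !== 'undefined') {
  module.exports = { vulnerableBack, safeBack, compare, SAMPLES };
}
```

Run it with `node` to see the before/after table; the foreign-origin, scheme-relative and non-web samples all collapse to '/' under safeBack while vulnerableBack passes them through unchanged. Comparing the parsed hostname rather than doing a string prefix check matters: a prefix check on "https://app.example" would accept "https://app.example.attacker-controlled-domain", whereas the parsed hostname must match exactly.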
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| koa | npm | < 3.0.1 | 3.0.1 |