Submit #619741: KoaJS Koa <=3.0.0 commit cb22d8dc Open Redirectinfo

TitleKoaJS Koa <=3.0.0 commit cb22d8dc Open Redirect
DescriptionIn the latest version of Koa (<=3.0.0 commit cb22d8dc ), the back method used for redirect operations adopts an insecure implementation, which uses the user-controllable referrer header as the redirect target.
Source⚠️ https://github.com/koajs/koa/issues/1892
User
 ZAST.AI (UID 87884)
Submission07/21/2025 11:47 (11 months ago)
Moderation07/24/2025 17:24 (3 days later)
StatusAccepted
VulDB entry317514 [KoaJS Koa up to 3.0.0 HTTP Header lib/response.js back Referrer redirect]
Points17

PreviousOverviewNext

Do you want to use VulDB in your project?

Use the official API to access entries easily!