Description

Koa is expressive middleware for Node.js using ES2017 async functions. In koa < 2.16.1 and < 3.0.0-alpha.5, passing untrusted user input to ctx.redirect() even after sanitizing it, may execute javascript code on the user who use the app. This issue is patched in 2.16.1 and 3.0.0-alpha.5.

INFO

Published Date :

2025-04-09T15:56:40.574Z

Last Modified :

2025-04-09T20:45:15.899Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-32379 vulnerability.

Vendors Products
Koajs
  • Koa
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-32379.

URL Resource
https://github.com/koajs/koa/commit/ff25eb4a7f2392df46481fe86355161067687312 cve-icon cve-icon cve-icon
https://github.com/koajs/koa/security/advisories/GHSA-x2rg-q646-7m2v cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-32379 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-32379 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact