Vulnerability	Vulnerable Version
L Cross-site Scripting (XSS) koa is a Koa web app framework Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the `ctx.redirect()` function. An attacker can execute scripts on the user's browser or redirect users to malicious sites by supplying malicious input as an achor reference. How to fix Cross-site Scripting (XSS)? Upgrade `koa` to version 2.16.1, 3.0.0-alpha.5 or higher.	<2.16.1>=3.0.0-alpha.1 <3.0.0-alpha.5
C Regular Expression Denial of Service (ReDoS) koa is a Koa web app framework Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the parsing of `X-Forwarded-Proto` and `X-Forwarded-Host` HTTP headers. How to fix Regular Expression Denial of Service (ReDoS)? Upgrade `koa` to version 0.21.2, 1.7.1, 2.15.4, 3.0.0-alpha.3 or higher.	<0.21.2>=1.0.0 <1.7.1>=2.0.0-alpha.1 <2.15.4>=3.0.0-alpha.0 <3.0.0-alpha.3

Cross-site Scripting (XSS)

koa is a Koa web app framework

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the ctx.redirect() function. An attacker can execute scripts on the user's browser or redirect users to malicious sites by supplying malicious input as an achor reference.

How to fix Cross-site Scripting (XSS)?

Upgrade koa to version 2.16.1, 3.0.0-alpha.5 or higher.

<2.16.1>=3.0.0-alpha.1 <3.0.0-alpha.5

Regular Expression Denial of Service (ReDoS)

koa is a Koa web app framework

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the parsing of X-Forwarded-Proto and X-Forwarded-Host HTTP headers.

How to fix Regular Expression Denial of Service (ReDoS)?

Upgrade koa to version 0.21.2, 1.7.1, 2.15.4, 3.0.0-alpha.3 or higher.

<0.21.2>=1.0.0 <1.7.1>=2.0.0-alpha.1 <2.15.4>=3.0.0-alpha.0 <3.0.0-alpha.3

Go back to all versions of this package