Npm · @Adonisjs/Core · CVE-2026-40255
**Name of the Vulnerable Software and Affected Versions**
@adonisjs/http-server versions prior to 7.8.1
@adonisjs/http-server versions 8.0.0-next.0 through 8.1.3
@adonisjs/core versions prior to 7.4.0
**Description**
The `response.redirect().back()` method reads the `Referer` header from the incoming HTTP request and redirects to that URL without validating the host. An attacker who can influence the `Referer` header can cause the application to redirect users to a malicious external site. This affects all applications using `response.redirect().back()` or `response.redirect('back')`.
**Recommendations**
Update @adonisjs/http-server to version 7.8.1 or later.
Update @adonisjs/http-server to version 8.2.0 or later.
Update @adonisjs/core to version 7.4.0 or later.
As a temporary workaround, avoid using the `response.redirect().back()` method in routes reachable by unauthenticated users or external traffic, and instead use `response.redirect().toPath()` to redirect to a known safe path.
Configure additional trusted hosts via the `redirect.allowedHosts` option in `config/app.ts` for applications operating across multiple domains.
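As an added example (not code from AdonisJS or the advisory), this is the host check a "redirect back" needs: parse the `Referer`, accept it only when its host is the request's own host or one in an allowlist standing in for `redirect.allowedHosts`, and otherwise fall back to a known safe path. The function name, the allowlist contents and the fallback path are assumptions.

```javascript
// Added example, not AdonisJS code: choose a safe target for a "back" redirect.
// The Referer header is attacker-influenced, so its host must be validated
// before the application redirects to it (the defect behind CVE-2026-40255).

// Hypothetical allowlist; in an AdonisJS app this would come from the
// `redirect.allowedHosts` option named in the advisory.
const ALLOWED_HOSTS = new Set(['app.example.com', 'admin.example.com']);

/**
 * Return a safe redirect target for a "back" redirect.
 * @param {string|undefined} referer  value of the incoming Referer header
 * @param {string} requestHost        Host header of the current request
 * @param {string} fallback           path used when the Referer is untrusted
 * @param {Set<string>} allowedHosts  additional trusted hosts (host[:port])
 */
function safeBackTarget(referer, requestHost, fallback = '/', allowedHosts = ALLOWED_HOSTS) {
  if (!referer) return fallback;

  let url;
  try {
    url = new URL(referer); // throws on relative or malformed values
  } catch {
    return fallback;
  }

  // Only http(s); rejects javascript:, data: and other schemes outright.
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return fallback;

  // Exact host[:port] match; a suffix or prefix match would accept
  // evil-app.example.com or app.example.com.evil.example.
  if (url.host !== requestHost && !allowedHosts.has(url.host)) return fallback;

  // Rebuild the target from validated parts, dropping userinfo and fragment.
  return url.origin + url.pathname + url.search;
}
```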