@koa/cors is a Cross-Origin Resource Sharing(CORS) for koa
Affected versions of this package are vulnerable to Origin Validation Error. An attacker can bypass the Same Origin Policy (SOP) by sending a request from an untrusted origin. This is only exploitable if the middleware is used in a production environment without proper origin restrictions.
Upgrade @koa/cors to version 5.0.0 or higher.