6 matches found
coherent-gameface-router (>=1.0.1 <=3.1.0), redirect-nginx-generator (=1.0.0) potentially affected by CVE-2022-25839 via url-js (=0.2.6)
url-js NPM version =0.2.6 is affected by a known vulnerability. The following packages have a transitive dependency on url-js and may be impacted: - coherent-gameface-router =1.0.1, =3.1.0 - redirect-nginx-generator =1.0.0 Source cves: CVE-2022-25839 Source advisory: OSV:GHSA-RF54-44JR-Q5VF...
CVE-2022-25839
creationtimestamp| type| source ---|---|--- 2022-03-11 22:21:14+00:00| seen| https://t.me/cibsecurity/38828...
CVE-2022-25839
The package url-js before 2.1.0 are vulnerable to Improper Input Validation due to improper parsing, which makes it is possible for the hostname to be spoofed. http://\\\\localhost and http://localhost are the same URL. However, the hostname is not parsed as localhost, and the backslash is...
CVE-2022-25839
The CVE concerns the JavaScript package url-js prior to version 2.1.0 . The vulnerability arises from improper input validation during parsing in the URL.js parser, allowing hostname spoofing (for example, both http://\\\\localhost and http://localhost are treated as the same URL, with the backsl...
CVE-2022-25839 Improper Input Validation
The package url-js before 2.1.0 are vulnerable to Improper Input Validation due to improper parsing, which makes it is possible for the hostname to be spoofed. http://\\\\localhost and http://localhost are the same URL. However, the hostname is not parsed as localhost, and the backslash is...
CVE-2022-25839
The package url-js before 2.1.0 are vulnerable to Improper Input Validation due to improper parsing, which makes it is possible for the hostname to be spoofed. http://\\\\localhost and http://localhost are the same URL. However, the hostname is not parsed as localhost, and the backslash is...