5 matches found
Authorization Bypass Through User-Controlled Key in urijs
Attacker can use case-insensitive protocol schemes like HTTP, htTP, HTtp etc. in order to bypass the patch for CVE-2021-3647...
GHSA-GCV8-GH4R-25X6 Authorization Bypass Through User-Controlled Key in urijs
Attacker can use case-insensitive protocol schemes like HTTP, htTP, HTtp etc. in order to bypass the patch for CVE-2021-3647...
01_basic_webpack (>=1.0.0 <=1.0.8), 0726react (=0.1.1) +12922 more potentially affected by CVE-2021-3647 via urijs (>=1.16.1 <=1.19.6)
urijs NPM version =1.16.1, =1.0.0, =1.0.9, =0.0.1, =0.0.1-beta.0, =1.0.0, =1.0.4, =1.0.1, =0.0.1, =0.1.1, =0.1.0, =0.0.1, =0.0.3 and more Source cves: CVE-2021-3647 Source advisory: OSV:GHSA-89GV-H8WF-CG8R...
CVE-2021-3647
URI.js is vulnerable to URL Redirection to Untrusted Site...
CVE-2021-3647
CVE-2021-3647 affects Medialize URI.js (Node.js) and enables URL redirection to untrusted sites due to input/URL parsing validation issues in URI.js. Public details describe an open redirect vulnerability; Nessus/Huntr materials note unpatched deployments and indicate a bypass possibility in patc...