Lucene search
K

5 matches found

Github Security Blog
Github Security Blog
added 2022/02/17 12:0 a.m.26 views

Authorization Bypass Through User-Controlled Key in urijs

Attacker can use case-insensitive protocol schemes like HTTP, htTP, HTtp etc. in order to bypass the patch for CVE-2021-3647...

6.5CVSS0.6AI score0.0158EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2022/02/17 12:0 a.m.3 views

GHSA-GCV8-GH4R-25X6 Authorization Bypass Through User-Controlled Key in urijs

Attacker can use case-insensitive protocol schemes like HTTP, htTP, HTtp etc. in order to bypass the patch for CVE-2021-3647...

6.5CVSS6.4AI score0.0158EPSS
Exploits1References5
vulnersOsv
vulnersOsv
added 2021/07/19 9:22 p.m.4 views

01_basic_webpack (>=1.0.0 <=1.0.8), 0726react (=0.1.1) +12922 more potentially affected by CVE-2021-3647 via urijs (>=1.16.1 <=1.19.6)

urijs NPM version =1.16.1, =1.0.0, =1.0.9, =0.0.1, =0.0.1-beta.0, =1.0.0, =1.0.4, =1.0.1, =0.0.1, =0.1.1, =0.1.0, =0.0.1, =0.0.3 and more Source cves: CVE-2021-3647 Source advisory: OSV:GHSA-89GV-H8WF-CG8R...

6.1CVSS6.3AI score0.0091EPSS
Exploits1
UbuntuCve
UbuntuCve
added 2021/07/16 11:15 a.m.25 views

CVE-2021-3647

URI.js is vulnerable to URL Redirection to Untrusted Site...

6.1CVSS6.4AI score0.0091EPSS
Exploits1References3
CVE
CVE
added 2021/07/16 10:11 a.m.103 views

CVE-2021-3647

CVE-2021-3647 affects Medialize URI.js (Node.js) and enables URL redirection to untrusted sites due to input/URL parsing validation issues in URI.js. Public details describe an open redirect vulnerability; Nessus/Huntr materials note unpatched deployments and indicate a bypass possibility in patc...

6.1CVSS5.8AI score0.0091EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder