4 matches found
Security Bulletin: A security vulnerability in Node.js urijs module affects IBM Cloud Pak for Multicloud Management Infrastructure management.
Summary A security vulnerability in Node.js urijs module affects IBM Cloud Pak for Multicloud Management Infrastructure management. Vulnerability Details CVEID: CVE-2020-26291 DESCRIPTION: Node.js urijs module could allow a remote attacker to conduct spoofing attacks, caused by improper input...
CVE-2020-26291
URI.js is a javascript URL mutation library npm package urijs. In URI.js before version 1.19.4, the hostname can be spoofed by using a backslash \ character followed by an at @ character. If the hostname is used in security decisions, the decision may be incorrect. Depending on library usage and...
01_basic_webpack (>=1.0.0 <=1.0.8), 0726react (=0.1.1) +12913 more potentially affected by CVE-2020-26291 via urijs (>=1.16.1 <=1.19.3)
urijs NPM version =1.16.1, =1.0.0, =1.0.9, =0.0.1, =0.0.1-beta.0, =1.0.0, =1.0.4, =1.0.1, =0.0.1, =0.1.1, =0.1.0, =0.0.1, =0.0.3 and more Source cves: CVE-2020-26291 Source advisory: OSV:GHSA-3329-PJWV-FJPG...
CVE-2020-26291
CVE-2020-26291 affects the URI.js (urijs) library. In versions before 1.19.4, a hostname spoof can be performed by a backslash followed by an at character, potentially defeating security decisions and enabling bypasses of allow/block lists, SSRF, or open redirects depending on usage. Patched in 1...