Lucene search
+L

4 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2021/05/07 6:40 p.m.11 views

Security Bulletin: A security vulnerability in Node.js urijs module affects IBM Cloud Pak for Multicloud Management Infrastructure management.

Summary A security vulnerability in Node.js urijs module affects IBM Cloud Pak for Multicloud Management Infrastructure management. Vulnerability Details CVEID: CVE-2020-26291 DESCRIPTION: Node.js urijs module could allow a remote attacker to conduct spoofing attacks, caused by improper input...

6.5CVSS1.8AI score0.0169EPSS
Exploits0Affected Software1
OSV
OSV
added 2020/12/31 12:15 a.m.13 views

CVE-2020-26291

URI.js is a javascript URL mutation library npm package urijs. In URI.js before version 1.19.4, the hostname can be spoofed by using a backslash \ character followed by an at @ character. If the hostname is used in security decisions, the decision may be incorrect. Depending on library usage and...

6.5CVSS6.9AI score
Exploits0References4
vulnersOsv
vulnersOsv
added 2020/12/30 11:40 p.m.7 views

01_basic_webpack (>=1.0.0 <=1.0.8), 0726react (=0.1.1) +12913 more potentially affected by CVE-2020-26291 via urijs (>=1.16.1 <=1.19.3)

urijs NPM version =1.16.1, =1.0.0, =1.0.9, =0.0.1, =0.0.1-beta.0, =1.0.0, =1.0.4, =1.0.1, =0.0.1, =0.1.1, =0.1.0, =0.0.1, =0.0.3 and more Source cves: CVE-2020-26291 Source advisory: OSV:GHSA-3329-PJWV-FJPG...

6.5CVSS6.7AI score0.0169EPSS
Exploits0
CVE
CVE
added 2020/12/30 11:40 p.m.132 views

CVE-2020-26291

CVE-2020-26291 affects the URI.js (urijs) library. In versions before 1.19.4, a hostname spoof can be performed by a backslash followed by an at character, potentially defeating security decisions and enabling bypasses of allow/block lists, SSRF, or open redirects depending on usage. Patched in 1...

6.5CVSS6.4AI score0.0169EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder