5 matches found
CVE-2022-1233
URL Confusion When Scheme Not Supplied in GitHub repository medialize/uri.js prior to 1.19.11...
Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer components that use Designer flows may be vulnerable to CVE-2022-1233
Summary Node.js module URI.js is used by IBM App Connect Enterprise Certified Container for processing URIs in Designer flows. IBM App Connect Enterprise Certified Container IntegrationServers that Designer flows may be vulnerable to CVE-2022-1233. This bulletin provides patch information to...
@accordproject/cicero-cli (>=0.3.4 <=0.24.1-20231019073743), @accordproject/cicero-common (>=0.3.4 <=0.3.12) +450 more potentially affected by CVE-2022-1233 via urijs (>=1.16.1 <=1.19.10)
urijs NPM version =1.16.1, =0.3.4, =0.3.4, =0.3.4, =0.3.4, =0.4.5-20180705184508, =0.11.2-20190326183124, =0.10.2-20190213145246, =0.0.5, =0.71.8-20190915045234, =0.80.2, =0.80.4-20191003231621, =0.61.2-20190916200303, =0.90.1-20200514190616, =0.6.0-alpha.0, =0.6.0, =0.91.1-20200514222339 and mor...
CVE-2022-1233 URL Confusion When Scheme Not Supplied in medialize/uri.js
URL Confusion When Scheme Not Supplied in GitHub repository medialize/uri.js prior to 1.19.11...
CVE-2022-1233
CVE-2022-1233 affects the medialize/uri.js library. When parsing URLs without a scheme and with excessive slashes, the library may treat the hostname as null and set the path to /www.example.com, leading to URL confusion. This issue is fixed in version 1.19.11; prior releases are vulnerable. Affe...