Lucene search
K

4 matches found

EUVD
EUVD
added 2026/05/08 7:13 p.m.10 views

EUVD-2026-27248

fast-uri vulnerable to host confusion via percent-encoded authority delimiters...

7.5CVSS5.8AI score0.00475EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/05 12:26 p.m.8 views

Interpretation Conflict

Overview org.webjars.npm:fast-uri is a Dependency-free RFC 3986 URI toolbox Affected versions of this package are vulnerable to Interpretation Conflict during the decoding of URL host component. An attacker can manipulate the authority component of a URI by supplying percent-encoded delimiters,...

8.7CVSS5.8AI score0.00475EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/05 10:29 a.m.6 views

CVE-2026-6322 fast-uri vulnerable to host confusion via percent-encoded authority delimiters

fast-uri normalize decoded percent-encoded authority delimiters inside the host component and then re-emitted them as raw delimiters during serialization. A host that combined an allowed domain, an encoded at-sign, and a different domain was re-emitted with the at-sign as a raw userinfo separator...

7.5CVSS5.8AI score0.00475EPSS
Exploits0References2
CVE
CVE
added 2026/05/05 10:29 a.m.50 views

CVE-2026-6322

CVE-2026-6322 affects the fast-uri package. The vuln lies in normalize(): it decodes percent-encoded authority delimiters inside the host and then re-emits them as raw delimiters during serialization. This can cause a host, which combines an allowed domain, an encoded at-sign, and a different dom...

7.5CVSS5.8AI score0.00475EPSS
Exploits0References20Affected Software1
Rows per page
Query Builder