55 matches found
fast-uri: fast-uri: URI authority bypass due to improper delimiter handling
A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by crafting a malicious Uniform Resource Identifier URI that contains percent-encoded authority delimiters. The fast-uri library incorrectly decodes these delimiters during normalization and then re-emits them as raw...
SUSE CVE-2026-13676
fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode IDN hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constructor, silently leaving the host in its original Unicode form while normalize and equal still return...
Linux Distros Unpatched Vulnerability : CVE-2026-13676
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode IDN hostnames for HTTP- family URLs. The IDN conversion path calls a helper that do...
CVE-2026-13676
A flaw was found in fast-uri. This vulnerability occurs because fast-uri fails to properly convert Unicode Internationalized Domain Name - IDN hostnames for HTTP-family URLs. This can lead to a situation where security policies, such as denylists or redirect validations, are bypassed when...
Interpretation Conflict
Overview org.webjars.npm:fast-uri is a Dependency-free RFC 3986 URI toolbox Affected versions of this package are vulnerable to Interpretation Conflict in its parse, normalize, and equal functions, which call the nonexistent URL.domainToASCII static method and silently swallow the resulting...
Interpretation Conflict
Overview fast-uri is a Dependency-free RFC 3986 URI toolbox Affected versions of this package are vulnerable to Interpretation Conflict in its parse, normalize, and equal functions, which call the nonexistent URL.domainToASCII static method and silently swallow the resulting TypeError into...
DEBIAN-CVE-2026-13676
fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode IDN hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constructor, silently leaving the host in its original Unicode form while normalize and equal still return...
CVE-2026-13676
fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode IDN hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constructor, silently leaving the host in its original Unicode form while normalize and equal still return...
UBUNTU-CVE-2026-13676
fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode IDN hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constructor, silently leaving the host in its original Unicode form while normalize and equal still return...
CVE-2026-13676 fast-uri vulnerable to host confusion via failed IDN canonicalization
fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode IDN hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constructor, silently leaving the host in its original Unicode form while normalize and equal still return...
CVE-2026-13676
fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode IDN hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constructor, silently leaving the host in its original Unicode form while normalize and equal still return...
CVE-2026-13676 fast-uri vulnerable to host confusion via failed IDN canonicalization
fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode IDN hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constructor, silently leaving the host in its original Unicode form while normalize and equal still return...
EUVD-2026-40093
fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode IDN hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constructor, silently leaving the host in its original Unicode form while normalize and equal still return...
PT-2026-53267
Name of the Vulnerable Software and Affected Versions fast-uri versions 2.3.1 through 3.1.2 fast-uri version 4.0.0 Description The software fails to canonicalize Unicode Internationalized Domain Names IDN for HTTP-family URLs. This occurs because the IDN conversion path utilizes a helper missing...
Security Bulletin: Vulnerabilities in axios, follow-redirects, fast-uri and babel might affect IBM Storage Defender Sentinel Anomaly Scan Engine.
Summary IBM Storage Defender Sentinel Anomaly Scan Engine can be affected by axios, follow-redirects, fast-uri and babel. Vulnerabilities include allowing an attacker to create Prototype Pollution in any third-party dependency to be escalated into Remote Code Execution, inject vulnerable code,...
Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to Node.js modules fast-uri and protobufjs (CVE-2026-6322, CVE-2026-45740 & CVE-2026-6321)
Summary IBM App Connect Enterprise runtime and IBM App Connect Enterprise Discovery Connectors are vulnerable to multiple vulnerabilities due to Node.js modules fast-uri and protobufjs. Vulnerability Details CVEID:CVE-2026-6322 DESCRIPTION: fast-uri normalize decoded percent-encoded authority...
SUSE CVE-2026-6322
fast-uri normalize decoded percent-encoded authority delimiters inside the host component and then re-emitted them as raw delimiters during serialization. A host that combined an allowed domain, an encoded at-sign, and a different domain was re-emitted with the at-sign as a raw userinfo separator...
fast-uri: fast-uri: Path traversal vulnerability allows bypass of security policies
A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by providing a specially crafted Uniform Resource Locator URL containing percent-encoded path separators and dot segments. Due to incorrect processing, fast-uri would decode these elements before proper normalization...
ROOT-APP-NPM-CVE-2026-6322 CVE-2026-6322 in @rootio/fast-uri - Patched by Root
Root has patched CVE-2026-6322 in the @rootio/fast-uri package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-6321 CVE-2026-6321 in @rootio/fast-uri - Patched by Root
Root has patched CVE-2026-6321 in the @rootio/fast-uri package for Root:npm. Multiple fixed versions available...