Lucene search
K

6 matches found

Snyk
Snyk
added 2026/06/29 2:23 p.m.8 views

Interpretation Conflict

Overview org.webjars.npm:fast-uri is a Dependency-free RFC 3986 URI toolbox Affected versions of this package are vulnerable to Interpretation Conflict in its parse, normalize, and equal functions, which call the nonexistent URL.domainToASCII static method and silently swallow the resulting...

8.7CVSS5.8AI score0.00274EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/29 1:22 p.m.17 views

CVE-2026-13676

fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode IDN hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constructor, silently leaving the host in its original Unicode form while normalize and equal still return...

7.5CVSS5.8AI score0.00274EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/05/16 12:0 a.m.13 views

Fedora 42 : python-jupytext (2026-793b55138d)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-793b55138d advisory. This update contains upgrades to various npm packages used during the build to address CVEs, namely: - CVE-2025-69873 ajv - CVE-2026-0540 DOMPurify ...

9.8CVSS6.5AI score0.01735EPSS
Exploits2References7
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.9 views

fast-uri 安全漏洞

fast-uri is an open-source, dependency-free RFC 3986 URI parser and toolkit developed by Fastify. Versions of fast-uri 3.1.1 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the normalize function decoding percent-encoded permission separators within the host...

7.5CVSS5.8AI score0.00475EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/05/04 9:28 p.m.8 views

@activepieces/piece-ai (>=0.3.1 <=0.3.4), @evertondgn/polyhive-cli (=0.1.62) +5 more potentially affected by CVE-2026-6321 via fast-uri (>=3.0.1 <=3.1.0)

fast-uri NPM version =3.0.1, =0.3.1, =5.4.3, =1.0.0, =1.0.0, =2.2.0, =2.3.1 Source cves: CVE-2026-6321 Source advisory: SNYK:JS-FASTURI-16642399...

7.5CVSS5.8AI score0.00521EPSS
Exploits0
OSV
OSV
added 2026/05/04 8:16 p.m.5 views

DEBIAN-CVE-2026-6321

fast-uri decoded percent-encoded path separators and dot segments before applying dot-segment removal in its normalize and equal functions. Encoded path data was treated like real slashes and parent-directory references, so distinct URIs could collapse onto the same normalized path. Applications...

7.5CVSS5.8AI score0.00521EPSS
Exploits0References1
Rows per page
Query Builder