6 matches found
Interpretation Conflict
Overview org.webjars.npm:fast-uri is a Dependency-free RFC 3986 URI toolbox Affected versions of this package are vulnerable to Interpretation Conflict in its parse, normalize, and equal functions, which call the nonexistent URL.domainToASCII static method and silently swallow the resulting...
CVE-2026-13676
fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode IDN hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constructor, silently leaving the host in its original Unicode form while normalize and equal still return...
Fedora 42 : python-jupytext (2026-793b55138d)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-793b55138d advisory. This update contains upgrades to various npm packages used during the build to address CVEs, namely: - CVE-2025-69873 ajv - CVE-2026-0540 DOMPurify ...
fast-uri 安全漏洞
fast-uri is an open-source, dependency-free RFC 3986 URI parser and toolkit developed by Fastify. Versions of fast-uri 3.1.1 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the normalize function decoding percent-encoded permission separators within the host...
@activepieces/piece-ai (>=0.3.1 <=0.3.4), @evertondgn/polyhive-cli (=0.1.62) +5 more potentially affected by CVE-2026-6321 via fast-uri (>=3.0.1 <=3.1.0)
fast-uri NPM version =3.0.1, =0.3.1, =5.4.3, =1.0.0, =1.0.0, =2.2.0, =2.3.1 Source cves: CVE-2026-6321 Source advisory: SNYK:JS-FASTURI-16642399...
DEBIAN-CVE-2026-6321
fast-uri decoded percent-encoded path separators and dot segments before applying dot-segment removal in its normalize and equal functions. Encoded path data was treated like real slashes and parent-directory references, so distinct URIs could collapse onto the same normalized path. Applications...