46 matches found
SUSE CVE-2022-0613
Authorization Bypass Through User-Controlled Key in NPM urijs prior to 1.19.8...
EUVD-2022-1011
Malicious code in bioql PyPI...
RHEL 8 : dotnet5.0 (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - urijs: Authorization Bypass Through User-Controlled Key CVE-2022-0613 - URI.js is a JavaScript URL mutati...
Important: Red Hat Security Advisory: Red Hat Fuse 7.11.1 release and security update
A minor version update from 7.11 to 7.11.1 is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability...
urijs: Authorization Bypass Through User-Controlled Key
A flaw was found in urijs due to the fix of CVE-2021-3647 not considering case-sensitive protocol schemes in the URL. This issue allows attackers to bypass the patch...
urijs: Leading white space bypasses protocol validation
An improper input validation flaw was found in urijs where white space characters are not removed from the beginning of a URL. This issue allows bypassing the protocol validation...
Moderate: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.4.4 security updates and bug fixes
Red Hat Advanced Cluster Management for Kubernetes 2.4.4 General Availability release images. This update provides security fixes, bug fixes, and updates container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System...
urijs: Authorization Bypass Through User-Controlled Key
A flaw was found in urijs due to the fix of CVE-2021-3647 not considering case-sensitive protocol schemes in the URL. This issue allows attackers to bypass the patch...
urijs: Authorization Bypass Through User-Controlled Key
A flaw was found in urijs due to the fix of CVE-2021-3647 not considering case-sensitive protocol schemes in the URL. This issue allows attackers to bypass the patch...
@accordproject/cicero-cli (>=0.3.4 <=0.24.1-20231019073743), @accordproject/cicero-common (>=0.3.4 <=0.3.12) +450 more potentially affected by CVE-2022-1243 via urijs (>=1.16.1 <=1.19.10)
urijs NPM version =1.16.1, =0.3.4, =0.3.4, =0.3.4, =0.3.4, =0.4.5-20180705184508, =0.11.2-20190326183124, =0.10.2-20190213145246, =0.0.5, =0.71.8-20190915045234, =0.80.2, =0.80.4-20191003231621, =0.61.2-20190916200303, =0.90.1-20200514190616, =0.6.0-alpha.0, =0.6.0, =0.91.1-20200514222339 and mor...
GHSA-3VJF-82FF-P4R3 Incorrect protocol extraction via \r, \n and \t characters
\r, \n and \t characters in user-input URLs can potentially lead to incorrect protocol extraction when using npm package urijs prior to version 1.19.11. This can lead to XSS when the module is used to prevent passing in malicious javascript: links into HTML or JavaScript; see the following example:...
@accordproject/cicero-cli (>=0.3.4 <=0.24.1-20231019073743), @accordproject/cicero-common (>=0.3.4 <=0.3.12) +450 more potentially affected by CVE-2022-1233 via urijs (>=1.16.1 <=1.19.10)
urijs NPM version =1.16.1, =0.3.4, =0.3.4, =0.3.4, =0.3.4, =0.4.5-20180705184508, =0.11.2-20190326183124, =0.10.2-20190213145246, =0.0.5, =0.71.8-20190915045234, =0.80.2, =0.80.4-20191003231621, =0.61.2-20190916200303, =0.90.1-20200514190616, =0.6.0-alpha.0, =0.6.0, =0.91.1-20200514222339 and mor...
CVE-2022-24723
An improper input validation flaw was found in urijs where white space characters are not removed from the beginning of a URL. This issue allows bypassing the protocol validation...
Open Redirect
urijs is vulnerable to open redirect. Lack of proper handling of excessive colons in the scheme delimiter allows an attacker to parse a malicious URL to redirect the user...
@accordproject/cicero-cli (>=0.3.4 <=0.21.27-20210409091004), @accordproject/cicero-common (>=0.3.4 <=0.3.12) +445 more potentially affected by CVE-2022-0868 via urijs (>=1.16.1 <=1.19.1)
urijs NPM version =1.16.1, =0.3.4, =0.3.4, =0.3.4, =0.3.4, =0.4.5-20180705184508, =0.11.2-20190326183124, =0.10.2-20190213145246, =0.0.5, =0.71.8-20190915045234, =0.80.2, =0.80.4-20191003231621, =0.61.2-20190916200303, =0.90.1-20200514190616, =0.6.0-alpha.0, =0.6.0, =0.91.1-20200514222339 and mor...
Open Redirect in urijs
urijs prior to version 1.19.10 is vulnerable to open redirect. This is the result of a bypass for the fix to CVE-2022-0613...
GHSA-8H2F-7JC4-7M3M Open Redirect in urijs
urijs prior to version 1.19.10 is vulnerable to open redirect. This is the result of a bypass for the fix to CVE-2022-0613...
01_basic_webpack (>=1.0.0 <=1.0.8), 0726react (=0.1.1) +12743 more potentially affected by CVE-2022-24723 via urijs (>=1.16.1 <=1.19.8)
urijs NPM version =1.16.1, =1.0.0, =1.0.9, =0.0.1, =0.0.1-beta.0, =1.0.0, =1.0.4, =1.0.1, =0.0.1, =0.1.1, =0.1.0, =0.0.1, =0.0.3 and more Source cves: CVE-2022-24723 Source advisory: OSV:GHSA-GMV4-R438-P67F...
Open Redirect
Description: bypass https://huntr.dev/bounties/f53d5c42-c108-40b8-917d-9dad51535083/ urijs fixed CVE-2022-0613, however an attacker can bypass the fix to exploit this issue. Proof of Concept: // PoC.js var URI = require('urijs'); var url = new URI("https::\\github.com/foo/bar"); console.log(url); output: URI string:...
Authorization Bypass
urijs is vulnerable to Authorization Bypass. The vulnerability exists in the User-Controlled Key because the case-sensitive checks are not properly configured, allowing an attacker to bypass and gain access...