Uri.js Security Vulnerabilities and Issues — Uri.js CVE List | Vulners.com

Lucene search

K

Uri.js ProjectUri.js

8 matches found

CVE•added 2022/02/16 9:15 a.m.•215 views

CVE-2022-0613

Authorization Bypass Through User-Controlled Key in NPM urijs prior to 1.19.8.

6.5CVSS5.8AI score0.00024EPSS

CVE•added 2022/03/03 9:15 p.m.•150 views

CVE-2022-24723

URI.js is a Javascript URL mutation library. Before version 1.19.9, whitespace characters are not removed from the beginning of the protocol, so URLs are not parsed properly. This issue has been patched in version 1.19.9. Removing leading whitespace from values before passing them to URI.parse can ...

5.3CVSS5.4AI score0.00124EPSS

CVE•added 2022/03/06 4:15 p.m.•89 views

CVE-2022-0868

Open Redirect in GitHub repository medialize/uri.js prior to 1.19.10.

8CVSS6.4AI score0.00309EPSS

CVE•added 2020/12/31 12:15 a.m.•88 views

CVE-2020-26291

URI.js is a javascript URL mutation library (npm package urijs). In URI.js before version 1.19.4, the hostname can be spoofed by using a backslash (\) character followed by an at (@) character. If the hostname is used in security decisions, the decision may be incorrect. Depending on library usage ...

6.5CVSS6.4AI score0.00581EPSS

CVE•added 2022/04/05 3:15 p.m.•87 views

CVE-2022-1243

CRHTLF can lead to invalid protocol extraction potentially leading to XSS in GitHub repository medialize/uri.js prior to 1.19.11.

7.2CVSS6.1AI score0.00318EPSS

CVE•added 2021/02/22 12:15 a.m.•80 views

CVE-2021-27516

URI.js (aka urijs) before 1.19.6 mishandles certain uses of backslash such as http:/ and interprets the URI as a relative path.

7.5CVSS7.3AI score0.00552EPSS

CVE•added 2021/07/16 11:15 a.m.•80 views

CVE-2021-3647

URI.js is vulnerable to URL Redirection to Untrusted Site

6.1CVSS5.8AI score0.00175EPSS

CVE•added 2022/04/04 8:15 p.m.•77 views

CVE-2022-1233

URL Confusion When Scheme Not Supplied in GitHub repository medialize/uri.js prior to 1.19.11.

6.5CVSS6.3AI score0.00236EPSS