Description
Whitespace characters are not removed from the beginning of the protocol, so URLs are not parsed properly and protocol validation mechanisms may fail.
Recommendation
Update the urijs package to the latest compatible version. Followings are version details:
- Affected version(s): < 1.19.9
- Patched version(s): 1.19.9
References
Related Issues
- Auth0 NextJS SDK v4 Missing Session Invalidation - CVE-2025-46344
- Potential DoS when using ContextLines integration - Vulnerability
- sanitize-html Information Exposure vulnerability - CVE-2024-21501
- json-schema-ref-parser Prototype Pollution issue - CVE-2024-29651
- Tags:
- npm
- urijs
Anything's wrong? Let us know Last updated on February 03, 2023