Description
Whitespace characters are not removed from the beginning of the protocol, so URLs are not parsed properly and protocol validation mechanisms may fail.
Recommendation
Update the urijs package to the latest compatible version. Followings are version details:
- Affected version(s): < 1.19.9
- Patched version(s): 1.19.9
References
Related Issues
- url-parse incorrectly parses hostname / protocol due to unstripped leading control characters. - CVE-2022-0691
- Incorrect protocol extraction via \r, \n and \t characters - CVE-2022-1243
- secp256k1-js implements ECDSA without required r and s validation, leading to signature forgery - CVE-2022-41340
- URL Confusion When Scheme Not Supplied in medialize/uri.js - CVE-2022-1233
You might also like:
- Tags:
- npm
- urijs
Anything's wrong? Let us know Last updated on February 03, 2023