Description
urijs prior to version 1.19.10 is vulnerable to open redirect. This is the result of a bypass for the fix to CVE-2022-0613.
Recommendation
Update the urijs package to the latest compatible version. Version details:
- Affected version(s): < 1.19.10
- Patched version(s): 1.19.10
References
Related Issues
- Open Redirect in node-forge - CVE-2022-0122
- Open redirect in url-parse (GHSA-hh27-ffr2-f2jc) - CVE-2021-3664
- undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect - CVE-2022-31151
- Open Redirect in url-parse - CVE-2018-3774
Tags: npm, urijs
Last updated on February 03, 2023