Description
urijs prior to version 1.19.10 is vulnerable to open redirect. This is the result of a bypass for the fix to CVE-2022-0613.
Recommendation
Update the urijs package to the latest compatible version. Version details:
- Affected version(s): < 1.19.10
- Patched version(s): 1.19.10
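One way to check a project against the affected range above, as an added example that is not part of the original advisory or the urijs project: a Node.js helper that scans a parsed package-lock.json for urijs entries below 1.19.10. The function names and the sample lockfile are assumptions constructed for illustration.

```javascript
// Added example: flag urijs entries below 1.19.10 in a parsed package-lock.json.
const PATCHED = [1, 19, 10]; // patched version stated in the advisory

// Compare the numeric major.minor.patch core; prerelease/build suffixes are ignored.
function isAffected(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(version));
  if (!m) return true; // unparseable (e.g. git URL): flag it so a human reviews it
  for (let i = 0; i < 3; i++) {
    const n = Number(m[i + 1]);
    if (n !== PATCHED[i]) return n < PATCHED[i];
  }
  return false; // exactly 1.19.10
}

// Handles both lockfile layouts: flat "packages" keyed by install path
// (lockfileVersion 2/3) and nested "dependencies" (lockfileVersion 1).
function findAffectedUrijs(lock) {
  const hits = [];
  if (lock.packages) {
    for (const [path, info] of Object.entries(lock.packages)) {
      if (path.endsWith("node_modules/urijs") && isAffected(info.version)) {
        hits.push({ path, version: info.version });
      }
    }
    return hits; // v2 files mirror the same data in "dependencies"; skip it
  }
  const walk = (deps, trail) => {
    for (const [name, info] of Object.entries(deps || {})) {
      const here = trail + "node_modules/" + name;
      if (name === "urijs" && isAffected(info.version)) {
        hits.push({ path: here, version: info.version });
      }
      walk(info.dependencies, here + "/");
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Constructed sample (not from a real project): one patched top-level copy,
// one affected copy nested under a hypothetical dependency.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/urijs": { version: "1.19.11" },
    "node_modules/legacy-client/node_modules/urijs": { version: "1.19.7" },
  },
};
console.log(findAffectedUrijs(sampleLock));
```

In a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` instead of the sample; nested copies pulled in by other packages are the ones a top-level update tends to miss.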
Related Issues
- Open Redirect in node-forge - CVE-2022-0122
- lobe-chat has an Open Redirect - CVE-2025-59426
- @astrojs/node's trailing slash handling causes open redirect issue - CVE-2025-55207
- undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect - CVE-2022-31151
Tags: npm, urijs
Last updated on February 03, 2023