Description
urijs prior to version 1.19.10 is vulnerable to open redirect. This is the result of a bypass for the fix to CVE-2022-0613.
Recommendation
Update the urijs package to the latest compatible version. Version details:
- Affected version(s): < 1.19.10
- Patched version(s): 1.19.10
Related Issues
- URIjs Hostname spoofing via backslashes in URL - CVE-2021-27516
- Code Injection in cryo - CVE-2018-3784
- Code Injection in jsen - CVE-2020-7777
- openssl.js is malware - CVE-2017-16065
Tags: npm, urijs
Last updated on February 03, 2023