Vulnerability CVE-2022-24723


Published: 2022-03-03

Description:
URI.js is a JavaScript URL mutation library. Before version 1.19.9, whitespace characters are not removed from the beginning of the protocol, so URLs are not parsed properly. This issue has been patched in version 1.19.9. Removing leading whitespace from values before passing them to URI.parse can be used as a workaround.

Type: CWE-20 (Improper Input Validation)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

Affected software
Urijs project -> Urijs 

 References:
https://github.com/medialize/URI.js/security/advisories/GHSA-gmv4-r438-p67f
https://github.com/medialize/URI.js/releases/tag/v1.19.9
https://github.com/medialize/uri.js/commit/86d10523a6f6e8dc4300d99d671335ee362ad316
https://huntr.dev/bounties/82ef23b8-7025-49c9-b5fc-1bb9885788e5/

Copyright 2024, cxsecurity.com

 
