org.webjars.bower:urijs 1.18.1 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.webjars.bower:urijs package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
M Cross-site Scripting (XSS) org.webjars.bower:urijs is a Javascript library for working with URLs. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper sanitization in the `URI.parse()` function, which makes it possible to use `\r`, `\n\`, and `\t` characters. How to fix Cross-site Scripting (XSS)? Upgrade `org.webjars.bower:urijs` to version 1.19.11 or higher.	[,1.19.11)
M Misinterpretation of Input org.webjars.bower:urijs is a Javascript library for working with URLs. Affected versions of this package are vulnerable to Misinterpretation of Input when parsing a URL without a scheme and with excessive slashes. How to fix Misinterpretation of Input? There is no fixed version for `org.webjars.bower:urijs`.	[0,)
M Open Redirect org.webjars.bower:urijs is a Javascript library for working with URLs. Affected versions of this package are vulnerable to Open Redirect by bypassing the fix for CVE-2022-0613 an attacker is still able to redirect. How to fix Open Redirect? There is no fixed version for `org.webjars.bower:urijs`.	[0,)
M Improper Input Validation org.webjars.bower:urijs is a Javascript library for working with URLs. Affected versions of this package are vulnerable to Improper Input Validation due to a possible bypass to the protocol validation, using leading whitespaces. How to fix Improper Input Validation? Upgrade `org.webjars.bower:urijs` to version 1.19.9 or higher.	[,1.19.9)
M Open Redirect org.webjars.bower:urijs is a Javascript library for working with URLs. Affected versions of this package are vulnerable to Open Redirect. An attacker can use case-insensitive protocol schemes in order to bypass the patch to CVE-2021-3647. How to fix Open Redirect? There is no fixed version for `org.webjars.bower:urijs`.	[0,)
M Open Redirect org.webjars.bower:urijs is a Javascript library for working with URLs. Affected versions of this package are vulnerable to Open Redirect. It mishandles certain uses of backslash such as `https:/\` and interprets the URI as a relative path. Browsers usually accept backslashes after the protocol, and treat it as a normal slash. PoC `var URI = require('urijs'); var url = new URI("https:/\/\/\www.google.com"); console.log(url); // Which will return --> path: "/www.google.com"` How to fix Open Redirect? There is no fixed version for `org.webjars.bower:urijs`.	[0,)
H Prototype Pollution org.webjars.bower:urijs is a Javascript library for working with URLs. Affected versions of this package are vulnerable to Prototype Pollution via `parseQuery()`. How to fix Prototype Pollution? There is no fixed version for `org.webjars.bower:urijs`.	[0,)
M Improper Input Validation org.webjars.bower:urijs is a Javascript library for working with URLs. Affected versions of this package are vulnerable to Improper Input Validation. It mishandles certain uses of backslash such as http:/ and interprets the URI as a relative path. How to fix Improper Input Validation? There is no fixed version for `org.webjars.bower:urijs`.	[0,)
M Improper Input Validation org.webjars.bower:urijs is a Javascript library for working with URLs. Affected versions of this package are vulnerable to Improper Input Validation. The hostname could be spoofed by using a backslash `(``)`character followed by an at`(`@`)` character. How to fix Improper Input Validation? There is no fixed version for `org.webjars.bower:urijs`.	[0,)

Vulnerability

Vulnerable Version

Cross-site Scripting (XSS)

org.webjars.bower:urijs is a Javascript library for working with URLs.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper sanitization in the URI.parse() function, which makes it possible to use \r, \n\, and \t characters.

How to fix Cross-site Scripting (XSS)?

Upgrade org.webjars.bower:urijs to version 1.19.11 or higher.

[,1.19.11)

Misinterpretation of Input

org.webjars.bower:urijs is a Javascript library for working with URLs.

Affected versions of this package are vulnerable to Misinterpretation of Input when parsing a URL without a scheme and with excessive slashes.

How to fix Misinterpretation of Input?

There is no fixed version for org.webjars.bower:urijs.

[0,)

Open Redirect

org.webjars.bower:urijs is a Javascript library for working with URLs.

Affected versions of this package are vulnerable to Open Redirect by bypassing the fix for CVE-2022-0613 an attacker is still able to redirect.

How to fix Open Redirect?

There is no fixed version for org.webjars.bower:urijs.

[0,)

Improper Input Validation

org.webjars.bower:urijs is a Javascript library for working with URLs.

Affected versions of this package are vulnerable to Improper Input Validation due to a possible bypass to the protocol validation, using leading whitespaces.

How to fix Improper Input Validation?

Upgrade org.webjars.bower:urijs to version 1.19.9 or higher.

[,1.19.9)

Open Redirect

org.webjars.bower:urijs is a Javascript library for working with URLs.

Affected versions of this package are vulnerable to Open Redirect. An attacker can use case-insensitive protocol schemes in order to bypass the patch to CVE-2021-3647.

How to fix Open Redirect?

There is no fixed version for org.webjars.bower:urijs.

[0,)

Open Redirect

org.webjars.bower:urijs is a Javascript library for working with URLs.

Affected versions of this package are vulnerable to Open Redirect. It mishandles certain uses of backslash such as https:/\ and interprets the URI as a relative path. Browsers usually accept backslashes after the protocol, and treat it as a normal slash.

PoC

var URI = require('urijs');
var url = new URI("https:/\/\/\www.google.com");
console.log(url);  // Which will return -->  path: "/www.google.com"

How to fix Open Redirect?

There is no fixed version for org.webjars.bower:urijs.

[0,)

Prototype Pollution

org.webjars.bower:urijs is a Javascript library for working with URLs.

Affected versions of this package are vulnerable to Prototype Pollution via parseQuery().

How to fix Prototype Pollution?

There is no fixed version for org.webjars.bower:urijs.

[0,)

Improper Input Validation

org.webjars.bower:urijs is a Javascript library for working with URLs.

Affected versions of this package are vulnerable to Improper Input Validation. It mishandles certain uses of backslash such as http:/ and interprets the URI as a relative path.

How to fix Improper Input Validation?

There is no fixed version for org.webjars.bower:urijs.

[0,)

Improper Input Validation

org.webjars.bower:urijs is a Javascript library for working with URLs.

Affected versions of this package are vulnerable to Improper Input Validation. The hostname could be spoofed by using a backslash (`)character followed by an at(@)` character.

How to fix Improper Input Validation?

There is no fixed version for org.webjars.bower:urijs.

[0,)

org.webjars.bower:urijs@1.18.1 vulnerabilities

latest version

first published

latest version published

licenses detected

package manager

Direct Vulnerabilities

How to fix?

PoC