org.webjars.npm:fast-uri@3.1.0

latest version

3.1.0

first published

2 years ago

latest version published

2 months ago

licenses detected

BSD-3-Clause
[3.0.6,)

package registry

View on Maven Central Repository

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the org.webjars.npm:fast-uri package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H Interpretation Conflict org.webjars.npm:fast-uri is a Dependency-free RFC 3986 URI toolbox Affected versions of this package are vulnerable to Interpretation Conflict during the decoding of URL host component. An attacker can manipulate the authority component of a URI by supplying percent-encoded delimiters, causing the host to be interpreted incorrectly during serialization. This can allow bypassing host allowlist checks, redirect validation, or outbound request routing by steering applications to an unintended authority. How to fix Interpretation Conflict? A fix was pushed into the `master` branch but not yet published.	[0,)
H Directory Traversal org.webjars.npm:fast-uri is a Dependency-free RFC 3986 URI toolbox Affected versions of this package are vulnerable to Directory Traversal via the `normalize()` or `equal()` functions. An attacker can bypass path-based access controls by submitting specially crafted percent-encoded or dot segments in URLs, causing the normalized path to resolve outside of the intended directory. How to fix Directory Traversal? A fix was pushed into the `master` branch but not yet published.	[0,)

Interpretation Conflict

org.webjars.npm:fast-uri is a Dependency-free RFC 3986 URI toolbox

Affected versions of this package are vulnerable to Interpretation Conflict during the decoding of URL host component. An attacker can manipulate the authority component of a URI by supplying percent-encoded delimiters, causing the host to be interpreted incorrectly during serialization. This can allow bypassing host allowlist checks, redirect validation, or outbound request routing by steering applications to an unintended authority.

How to fix Interpretation Conflict?

A fix was pushed into the master branch but not yet published.

[0,)

Directory Traversal

org.webjars.npm:fast-uri is a Dependency-free RFC 3986 URI toolbox

Affected versions of this package are vulnerable to Directory Traversal via the normalize() or equal() functions. An attacker can bypass path-based access controls by submitting specially crafted percent-encoded or dot segments in URLs, causing the normalized path to resolve outside of the intended directory.

How to fix Directory Traversal?

A fix was pushed into the master branch but not yet published.

[0,)

Go back to all versions of this package