1.19.11
8 years ago
2 years ago
Known vulnerabilities in the org.webjars.npm:urijs package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for freeVulnerability | Vulnerable Version |
---|---|
org.webjars.npm:urijs is a Javascript library for working with URLs. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper sanitization in the How to fix Cross-site Scripting (XSS)? Upgrade | [,1.19.11) |
org.webjars.npm:urijs is a Javascript library for working with URLs. Affected versions of this package are vulnerable to Misinterpretation of Input when parsing a URL without a scheme and with excessive slashes. How to fix Misinterpretation of Input? Upgrade | [,1.19.11) |
org.webjars.npm:urijs is a Javascript library for working with URLs. Affected versions of this package are vulnerable to Open Redirect by bypassing the fix for CVE-2022-0613 an attacker is still able to redirect. How to fix Open Redirect? Upgrade | [,1.19.11) |
org.webjars.npm:urijs is a Javascript library for working with URLs. Affected versions of this package are vulnerable to Improper Input Validation due to a possible bypass to the protocol validation, using leading whitespaces. How to fix Improper Input Validation? Upgrade | [,1.19.9) |
org.webjars.npm:urijs is a Javascript library for working with URLs. Affected versions of this package are vulnerable to Open Redirect. An attacker can use case-insensitive protocol schemes in order to bypass the patch to CVE-2021-3647. How to fix Open Redirect? Upgrade | [,1.19.11) |
org.webjars.npm:urijs is a Javascript library for working with URLs. Affected versions of this package are vulnerable to Open Redirect. It mishandles certain uses of backslash such as PoC
How to fix Open Redirect? Upgrade | [,1.19.11) |
org.webjars.npm:urijs is a Javascript library for working with URLs. Affected versions of this package are vulnerable to Prototype Pollution via How to fix Prototype Pollution? Upgrade | [,1.19.11) |
org.webjars.npm:urijs is a Javascript library for working with URLs. Affected versions of this package are vulnerable to Improper Input Validation. It mishandles certain uses of backslash such as http:/ and interprets the URI as a relative path. How to fix Improper Input Validation? Upgrade | [0,1.19.6) |
org.webjars.npm:urijs is a Javascript library for working with URLs. Affected versions of this package are vulnerable to Improper Input Validation. The hostname could be spoofed by using a backslash How to fix Improper Input Validation? Upgrade | [0,1.19.6) |