Homepage

fast-uri@3.1.1

Dependency-free RFC 3986 URI toolbox

  • latest version

    3.1.2

  • latest non vulnerable version

    3.1.2

  • first published

    4 years ago

  • latest version published

    12 days ago

  • licenses detected

  • View fast-uri package health on Snyk  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the fast-uri package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Interpretation Conflict

    fast-uri is a Dependency-free RFC 3986 URI toolbox

    Affected versions of this package are vulnerable to Interpretation Conflict during the decoding of URL host component. An attacker can manipulate the authority component of a URI by supplying percent-encoded delimiters, causing the host to be interpreted incorrectly during serialization. This can allow bypassing host allowlist checks, redirect validation, or outbound request routing by steering applications to an unintended authority.

    How to fix Interpretation Conflict?

    Upgrade fast-uri to version 3.1.2 or higher.

    <3.1.2
    Go back to all versions of this package