1.19.11
10 years ago
3 years ago
Known vulnerabilities in the urijs package. This does not include vulnerabilities belonging to this package’s dependencies.
| Vulnerability | Vulnerable Version |
|---|---|
| urijs is a JavaScript library for working with URLs. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper sanitization in the  How to fix Cross-site Scripting (XSS)? Upgrade | <1.19.11 |
| urijs is a JavaScript library for working with URLs. Affected versions of this package are vulnerable to Misinterpretation of Input when parsing a URL without a scheme and with excessive slashes. How to fix Misinterpretation of Input? Upgrade | <1.19.11 |
| urijs is a JavaScript library for working with URLs. Affected versions of this package are vulnerable to Open Redirect: by bypassing the fix for CVE-2022-0613, an attacker is still able to redirect. How to fix Open Redirect? Upgrade | <1.19.10 |
| urijs is a JavaScript library for working with URLs. Affected versions of this package are vulnerable to Improper Input Validation due to a possible bypass of the protocol validation using leading whitespace. How to fix Improper Input Validation? Upgrade | <1.19.9 |
| urijs is a JavaScript library for working with URLs. Affected versions of this package are vulnerable to Open Redirect. An attacker can use case-insensitive protocol schemes to bypass the patch for CVE-2021-3647. How to fix Open Redirect? Upgrade | <1.19.8 |
| urijs is a JavaScript library for working with URLs. Affected versions of this package are vulnerable to Open Redirect. It mishandles certain uses of backslash such as  PoC. How to fix Open Redirect? Upgrade | <1.19.7 |
| urijs is a JavaScript library for working with URLs. Affected versions of this package are vulnerable to Prototype Pollution via  How to fix Prototype Pollution? Upgrade | <1.19.7 |
| urijs is a JavaScript library for working with URLs. Affected versions of this package are vulnerable to Improper Input Validation. It mishandles certain uses of backslash such as http:/ and interprets the URI as a relative path. How to fix Improper Input Validation? Upgrade | <1.19.6 |
| urijs is a JavaScript library for working with URLs. Affected versions of this package are vulnerable to Improper Input Validation. The hostname could be spoofed by using a backslash  How to fix Improper Input Validation? Upgrade | <1.19.4 |