CVE-2022-24723 Information

Description

URI.js is a JavaScript URL mutation library. Before version 1.19.9, whitespace characters are not removed from the beginning of the protocol, so URLs are not parsed properly. This issue has been patched in version 1.19.9. As a workaround, remove leading whitespace from values before passing them to URI.parse.
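The workaround above, as an added example (not code from URI.js or from the advisory). `naiveScheme` is a hypothetical stand-in for a parser that does not trim its input, the stripped character set is an assumption, and the sample inputs are constructed. It compares that view with Node's built-in WHATWG `URL` parser and shows that trimming first makes the two agree.

```javascript
// Added example: not URI.js code. All function names here are hypothetical.

// Assumption: strip C0 controls, space, and anything \s matches (NBSP, BOM, ...).
const LEADING_WS = /^[\u0000-\u0020\s]+/;

// Workaround from the advisory: trim the front of the value before parsing.
function normalizeUrlInput(value) {
  if (typeof value !== 'string') {
    throw new TypeError('URL input must be a string');
  }
  return value.replace(LEADING_WS, '');
}

// Hypothetical stand-in for a parser that does not trim: a scheme is only
// recognised when the string starts with it.
function naiveScheme(value) {
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(value);
  return m ? m[1].toLowerCase() : null;
}

// Scheme as the WHATWG URL parser (Node's global URL) sees it.
function whatwgScheme(value) {
  try {
    return new URL(value).protocol.slice(0, -1);
  } catch (e) {
    return null; // not an absolute URL
  }
}

// Report where the two views differ and what the workaround yields.
function auditInputs(samples) {
  return samples.map((raw) => {
    const naive = naiveScheme(raw);
    const whatwg = whatwgScheme(raw);
    const afterWorkaround = naiveScheme(normalizeUrlInput(raw));
    return { raw, naive, whatwg, disagree: naive !== whatwg, afterWorkaround };
  });
}

// Constructed sample inputs.
const SAMPLES = ['https://example.com/a', '  https://example.com/a',
  '\t\nhttps://example.com/a', '/relative/path'];

for (const row of auditInputs(SAMPLES)) {
  console.log(JSON.stringify(row));
}
```

On versions before 1.19.9, pass the result of `normalizeUrlInput(value)` to URI.parse rather than the raw value.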

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Reference

https://github.com/medialize/URI.js/security/advisories/GHSA-gmv4-r438-p67f
https://github.com/medialize/URI.js/releases/tag/v1.19.9
https://github.com/medialize/uri.js/commit/86d10523a6f6e8dc4300d99d671335ee362ad316
https://huntr.dev/bounties/82ef23b8-7025-49c9-b5fc-1bb9885788e5/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

Base Score

5.3

Base Severity

MEDIUM
