This repository has been archived by the owner on Jul 21, 2023. It is now read-only.
CVE-2022-24723 (Medium) detected in urijs-1.19.7.tgz #1182
Labels
Mend: dependency security vulnerability
Security vulnerability detected by WhiteSource
CVE-2022-24723 - Medium Severity Vulnerability
Vulnerable Library - urijs-1.19.7.tgz
URI.js is a Javascript library for working with URLs.
Library home page: https://registry.npmjs.org/urijs/-/urijs-1.19.7.tgz
Dependency Hierarchy:
Found in base branch: master
Vulnerability Details
URI.js is a Javascript URL mutation library. Before version 1.19.9, whitespace characters are not removed from the beginning of the protocol, so URLs are not parsed properly. This issue has been patched in version 1.19.9. Removing leading whitespace from values before passing them to URI.parse can be used as a workaround.
Publish Date: 2022-03-03
URL: CVE-2022-24723
CVSS 3 Score Details (5.3)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-gmv4-r438-p67f
Release Date: 2022-03-03
Fix Resolution: 1.19.9
Step up your Open Source Security Game with Mend here
The text was updated successfully, but these errors were encountered: