Описание
URL Confusion When Scheme Not Supplied in medialize/uri.js
Medialize is a Javascript URL mutation library. When parsing a URL without a scheme and with excessive slashes, like ///www.example.com, URI.js will parse the hostname as null and the path as /www.example.com. Such behaviour is different from that exhibited by browsers, which will parse ///www.example.com as http://www.example.com instead. For example, the following will cause a redirect to http://www.example.com: A fix was released in version 1.19.11.
Пакеты
Наименование
urijs
npm
Затронутые версииВерсия исправления
< 1.19.11
1.19.11
Связанные уязвимости
CVSS3: 6.1
nvd
почти 4 года назад
URL Confusion When Scheme Not Supplied in GitHub repository medialize/uri.js prior to 1.19.11.