Description
Authorization Bypass Through User-Controlled Key in urijs
An attacker can use case-insensitive protocol schemes such as HTTP, htTP, HTtp, etc. to bypass the patch for CVE-2021-3647.
References
- https://nvd.nist.gov/vuln/detail/CVE-2022-0613
- https://github.com/medialize/uri.js/commit/6ea641cc8648b025ed5f30b090c2abd4d1a5249f
- https://huntr.dev/bounties/f53d5c42-c108-40b8-917d-9dad51535083
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MXSSATHALUSXXD2KT6UFZAX7EG4GR332
Packages
Name: urijs (npm)
Affected versions: < 1.19.8
Fixed version: 1.19.8
Related vulnerabilities
CVSS3: 6.5
ubuntu
almost 4 years ago
Authorization Bypass Through User-Controlled Key in NPM urijs prior to 1.19.8.
CVSS3: 6.5
redhat
almost 4 years ago
Authorization Bypass Through User-Controlled Key in NPM urijs prior to 1.19.8.
CVSS3: 6.5
nvd
almost 4 years ago
Authorization Bypass Through User-Controlled Key in NPM urijs prior to 1.19.8.
CVSS3: 6.5
debian
almost 4 years ago
Authorization Bypass Through User-Controlled Key in NPM urijs prior to ...