CVE-2021-27516

Опубликовано: 22 фев. 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

URI.js (aka urijs) before 1.19.6 mishandles certain uses of backslash such as http:/ and interprets the URI as a relative path.

Ссылки

https://advisory.checkmarx.net/advisory/CX-2021-4305
Exploit
Third Party Advisory
https://github.com/medialize/URI.js/commit/a1ad8bcbc39a4d136d7e252e76e957f3ece70839
Patch
Third Party Advisory
https://github.com/medialize/URI.js/releases/tag/v1.19.6
Third Party Advisory
https://advisory.checkmarx.net/advisory/CX-2021-4305
Exploit
Third Party Advisory
https://github.com/medialize/URI.js/commit/a1ad8bcbc39a4d136d7e252e76e957f3ece70839
Patch
Third Party Advisory
https://github.com/medialize/URI.js/releases/tag/v1.19.6
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:uri.js_project:uri.js:*:*:*:*:*:*:*:*

Версия до 1.19.6 (исключая)

EPSS

Процентиль: 67%

0.00552

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

CVE-2021-27516

CVSS3: 7.5

redhat

почти 5 лет назад

URI.js (aka urijs) before 1.19.6 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path.

CVE-2021-27516

CVSS3: 7.5

debian

почти 5 лет назад

URI.js (aka urijs) before 1.19.6 mishandles certain uses of backslash ...

GHSA-p6j9-7xhc-rhwp

CVSS3: 7.5

github

почти 5 лет назад

URIjs Hostname spoofing via backslashes in URL

EPSS

Процентиль: 67%

0.00552

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo