Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-24723

Опубликовано: 03 мар. 2022
Источник: redhat
CVSS3: 5.3
EPSS Низкий

Описание

URI.js is a Javascript URL mutation library. Before version 1.19.9, whitespace characters are not removed from the beginning of the protocol, so URLs are not parsed properly. This issue has been patched in version 1.19.9. Removing leading whitespace from values before passing them to URI.parse can be used as a workaround.

An improper input validation flaw was found in urijs where white space characters are not removed from the beginning of an URL. This issue allows bypassing the protocol validation.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
.NET Core 3.1 on Red Hat Enterprise Linuxrh-dotnet31-dotnetAffected
.NET Core 5.0 on Red Hat Enterprise Linuxrh-dotnet50-dotnetOut of support scope
Red Hat Advanced Cluster Management for Kubernetes 2rhacm2/mcm-topology-rhel8Will not fix
Red Hat Enterprise Linux 8dotnet3.1Will not fix
Red Hat Enterprise Linux 8dotnet5.0Will not fix
Red Hat Quay 3quay/quay-rhel8Will not fix
Red Hat Advanced Cluster Management for Kubernetes 2acm-grafana-containerFixedRHSA-2022:168103.05.2022
Red Hat Advanced Cluster Management for Kubernetes 2acm-must-gather-containerFixedRHSA-2022:168103.05.2022
Red Hat Advanced Cluster Management for Kubernetes 2acm-operator-bundle-containerFixedRHSA-2022:168103.05.2022
Red Hat Advanced Cluster Management for Kubernetes 2application-ui-containerFixedRHSA-2022:168103.05.2022

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-1173
https://bugzilla.redhat.com/show_bug.cgi?id=2062370urijs: Leading white space bypasses protocol validation

EPSS

Процентиль: 65%
0.00491
Низкий

5.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-24723

CVSS3: 5.3
ubuntu
почти 4 года назад

URI.js is a Javascript URL mutation library. Before version 1.19.9, whitespace characters are not removed from the beginning of the protocol, so URLs are not parsed properly. This issue has been patched in version 1.19.9. Removing leading whitespace from values before passing them to URI.parse can be used as a workaround.

nvd логотип

CVE-2022-24723

CVSS3: 5.3
nvd
почти 4 года назад

URI.js is a Javascript URL mutation library. Before version 1.19.9, whitespace characters are not removed from the beginning of the protocol, so URLs are not parsed properly. This issue has been patched in version 1.19.9. Removing leading whitespace from values before passing them to URI.parse can be used as a workaround.

debian логотип

CVE-2022-24723

CVSS3: 5.3
debian
почти 4 года назад

URI.js is a Javascript URL mutation library. Before version 1.19.9, wh ...

github логотип

GHSA-gmv4-r438-p67f

CVSS3: 5.3
github
почти 4 года назад

Leading white space bypasses protocol validation

EPSS

Процентиль: 65%
0.00491
Низкий

5.3 Medium

CVSS3