URI.js (aka urijs) before 1.19.6 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path.
References
Link | Resource |
---|---|
https://advisory.checkmarx.net/advisory/CX-2021-4305 | Exploit Third Party Advisory |
https://github.com/medialize/URI.js/commit/a1ad8bcbc39a4d136d7e252e76e957f3ece70839 | Patch Third Party Advisory |
https://github.com/medialize/URI.js/releases/tag/v1.19.6 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-02-21T23:29:56
Updated: 2021-03-30T15:51:07
Reserved: 2021-02-21T00:00:00
Link: CVE-2021-27516
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-02-22T00:15:12.620
Modified: 2022-11-29T15:01:10.963
Link: CVE-2021-27516
JSON object: View
Redhat Information
No data.
CWE