URI.js is a Javascript URL mutation library. Before version 1.19.9, whitespace characters are not removed from the beginning of the protocol, so URLs are not parsed properly. This issue has been patched in version 1.19.9. Removing leading whitespace from values before passing them to URI.parse can be used as a workaround.
References
Link | Resource |
---|---|
https://github.com/medialize/URI.js/releases/tag/v1.19.9 | Release Notes Third Party Advisory |
https://github.com/medialize/URI.js/security/advisories/GHSA-gmv4-r438-p67f | Mitigation Third Party Advisory |
https://github.com/medialize/uri.js/commit/86d10523a6f6e8dc4300d99d671335ee362ad316 | Patch Third Party Advisory |
https://huntr.dev/bounties/82ef23b8-7025-49c9-b5fc-1bb9885788e5/ | Exploit Issue Tracking Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2022-03-03T20:35:11
Updated: 2022-03-03T20:35:11
Reserved: 2022-02-10T00:00:00
Link: CVE-2022-24723
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-03-03T21:15:07.813
Modified: 2023-07-03T20:35:47.993
Link: CVE-2022-24723
JSON object: View
Redhat Information
No data.
CWE