CVE-2021-3647: Open Redirect in Project Uri.js

Severity: 6.1 MEDIUM (NVD)
EPSS: 0.2% (top 61.13%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 16; latest update Feb 17

Description

URI.js is vulnerable to URL Redirection to Untrusted Site

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages (2 packages)

NVD: uri.js_project/uri.js < 1.19.7
CVEListV5: medialize/medialize_uri.js unspecified 1.19.6

Patches

Vulnerability Details (5)

OSV: Authorization Bypass Through User-Controlled Key in urijs (2022-02-17)
GHSA: Authorization Bypass Through User-Controlled Key in urijs (2022-02-17)
OSV: URIjs Vulnerable to Hostname spoofing via backslashes in URL (2021-07-19)
GHSA: URIjs Vulnerable to Hostname spoofing via backslashes in URL (2021-07-19)
OSV: CVE-2021-3647: URI (2021-07-16)

Vendor Advisories (1)

Red Hat: urijs: Authorization Bypass Through User-Controlled Key (2022-02-16)