CVE-2022-0613Authorization Bypass Through User-Controlled Key in Uri.js

CWE-639Authorization Bypass Through User-Controlled KeyCWE-601Open Redirect7 documents4 sources
Severity
6.5MEDIUMNVD
GHSA6.1OSV6.1
EPSS
0.1%
top 69.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Medialize Uri.jsUri.js Project Uri.jsFedoraproject Fedora
Timeline
PublishedFeb 16
Latest updateMar 7

Description

Authorization Bypass Through User-Controlled Key in NPM urijs prior to 1.19.8.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.5

Affected Packages2 packages

NVDuri.js_project/uri.js< 1.19.8
CVEListV5medialize/medialize_uri.jsunspecified1.19.8

Also affects: Fedora 35

Patches

Patch: github.comPatch: huntr.devPatch: github.com

🔴Vulnerability Details

5
GHSA
Open Redirect in urijs2022-03-07
OSV
Open Redirect in urijs2022-03-07
OSV
Authorization Bypass Through User-Controlled Key in urijs2022-02-17
GHSA
Authorization Bypass Through User-Controlled Key in urijs2022-02-17
OSV
CVE-2022-0613: Authorization Bypass Through User-Controlled Key in NPM urijs prior to 12022-02-16

📋Vendor Advisories

1
Red Hat
urijs: Authorization Bypass Through User-Controlled Key2022-02-16
CVE-2022-0613 — Medialize Uri.js vulnerability | cvebase