CVE-2022-1233Misinterpretation of Input in Uri.js

CWE-115Misinterpretation of InputCWE-601Open Redirect3 documents3 sources
Severity
6.1MEDIUMNVD
EPSS
0.2%
top 59.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Medialize Uri.jsUri.js Project Uri.js
Timeline
PublishedApr 4
Latest updateApr 5

Description

URL Confusion When Scheme Not Supplied in GitHub repository medialize/uri.js prior to 1.19.11.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

CVEListV5medialize/medialize_uri.jsunspecified1.19.11
NVDuri.js_project/uri.js< 1.19.11

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

2
GHSA
URL Confusion When Scheme Not Supplied in medialize/uri.js2022-04-05
OSV
URL Confusion When Scheme Not Supplied in medialize/uri.js2022-04-05