CVE-2022-1243Improper Input Validation in Uri.js

CWE-20Improper Input Validation3 documents3 sources
Severity
6.1MEDIUMNVD
EPSS
0.3%
top 43.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Medialize Uri.jsUri.js Project Uri.js
Timeline
PublishedApr 5
Latest updateApr 6

Description

CRHTLF can lead to invalid protocol extraction potentially leading to XSS in GitHub repository medialize/uri.js prior to 1.19.11.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

CVEListV5medialize/medialize_uri.jsunspecified1.19.11
NVDuri.js_project/uri.js< 1.19.11

Patches

Patch: github.comPatch: huntr.devPatch: github.com

🔴Vulnerability Details

2
OSV
Incorrect protocol extraction via \r, \n and \t characters2022-04-06
GHSA
Incorrect protocol extraction via \r, \n and \t characters2022-04-06