URI.js (aka urijs) before 1.19.6 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path.
References
Link | Resource |
---|---|
https://advisory.checkmarx.net/advisory/CX-2021-4305 | Exploit Third Party Advisory |
https://github.com/medialize/URI.js/commit/a1ad8bcbc39a4d136d7e252e76e957f3ece70839 | Patch Third Party Advisory |
https://github.com/medialize/URI.js/releases/tag/v1.19.6 | Third Party Advisory |
https://advisory.checkmarx.net/advisory/CX-2021-4305 | Exploit Third Party Advisory |
https://github.com/medialize/URI.js/commit/a1ad8bcbc39a4d136d7e252e76e957f3ece70839 | Patch Third Party Advisory |
https://github.com/medialize/URI.js/releases/tag/v1.19.6 | Third Party Advisory |
Configurations
History
21 Nov 2024, 05:58
Type | Values Removed | Values Added |
---|---|---|
References | () https://advisory.checkmarx.net/advisory/CX-2021-4305 - Exploit, Third Party Advisory | |
References | () https://github.com/medialize/URI.js/commit/a1ad8bcbc39a4d136d7e252e76e957f3ece70839 - Patch, Third Party Advisory | |
References | () https://github.com/medialize/URI.js/releases/tag/v1.19.6 - Third Party Advisory |
29 Nov 2022, 15:01
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:uri.js_project:uri.js:*:*:*:*:*:*:*:* |
23 May 2022, 22:26
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://advisory.checkmarx.net/advisory/CX-2021-4305 - Exploit, Third Party Advisory |
Information
Published : 2021-02-22 00:15
Updated : 2024-11-21 05:58
NVD link : CVE-2021-27516
Mitre link : CVE-2021-27516
CVE.ORG link : CVE-2021-27516
JSON object : View
Products Affected
uri.js_project
- uri.js
CWE