Vulnerability Description
URI.js is a JavaScript URL mutation library. Before version 1.19.9, whitespace characters were not removed from the beginning of the protocol, so URLs were not parsed properly. The issue is patched in version 1.19.9. As a workaround, remove leading whitespace from values before passing them to URI.parse.
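The workaround above as an added example (not URI.js code and not taken from the advisory): input is trimmed before parsing, and the trimmed string is what gets returned for later use. `naiveProtocol` is a hypothetical stand-in for a parser that does not trim, the stripped character set and the `http`/`https` allowlist are assumptions, and the sample inputs are constructed.

```javascript
'use strict';

// Leading characters to drop: C0 controls, space, and anything JavaScript's \s
// matches (tabs, newlines, NBSP, BOM, ...). This character set is an assumption.
const LEADING_WS = /^[\u0000-\u0020\s]+/;

// The workaround itself: clean the value before any parser sees it.
function stripLeadingWhitespace(value) {
  if (typeof value !== 'string') {
    throw new TypeError('URL input must be a string');
  }
  return value.replace(LEADING_WS, '');
}

// Hypothetical stand-in for a parser that does not trim its input.
// It is NOT URI.js code; in real use pass (v) => URI.parse(v).protocol instead.
function naiveProtocol(value) {
  const match = /^([a-z][a-z0-9+.-]*):/i.exec(value);
  return match ? match[1].toLowerCase() : null;
}

// Trim first, then parse and compare the scheme with an allowlist.
// The cleaned string is returned so callers use the value that was validated,
// not the original input.
function checkUrl(value, parseProtocol = naiveProtocol, allowed = ['http', 'https']) {
  const url = stripLeadingWhitespace(value);
  const protocol = parseProtocol(url);
  const ok = typeof protocol === 'string' && allowed.includes(protocol.toLowerCase());
  return { ok, protocol, url };
}

// Constructed sample inputs: clean, whitespace-prefixed, NBSP-prefixed.
const samples = [
  'https://example.com/a',
  ' \t\nhttps://example.com/a',
  '\u00a0ftp://example.com/',
];
for (const s of samples) {
  console.log(JSON.stringify(s), 'untrimmed:', naiveProtocol(s), 'trimmed:', checkUrl(s));
}
```
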
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Uri.Js Project | Uri.Js | < 1.19.9 |
Related Weaknesses (CWE)
References
- https://github.com/medialize/URI.js/releases/tag/v1.19.9 (Release Notes, Third Party Advisory)
- https://github.com/medialize/URI.js/security/advisories/GHSA-gmv4-r438-p67f (Mitigation, Third Party Advisory)
- https://github.com/medialize/uri.js/commit/86d10523a6f6e8dc4300d99d671335ee362ad (Patch, Third Party Advisory)
- https://huntr.dev/bounties/82ef23b8-7025-49c9-b5fc-1bb9885788e5/ (Exploit, Issue Tracking, Patch)
FAQ
What is CVE-2022-24723?
CVE-2022-24723 is a vulnerability with a CVSS score of 5.3 (MEDIUM). URI.js is a JavaScript URL mutation library. Before version 1.19.9, whitespace characters were not removed from the beginning of the protocol, so URLs were not parsed properly. This issue has been patch...
How severe is CVE-2022-24723?
CVE-2022-24723 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-24723?
Check the references section above for vendor advisories and patch information. Affected products include: Uri.Js Project Uri.Js.