CVE-2022-0613

描述

Attacker can use case-insensitive protocol schemes like HTTP, htTP, HTtp etc. in order to bypass the patch for CVE-2021-3647.

受影響套件(1)

• npm/urijsfrom 0, < 1.19.8

CVSS 分數

參考連結(5)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-0613
• PATCHhttps://github.com/medialize/uri.js
• WEBhttps://github.com/medialize/uri.js/commit/6ea641cc8648b025ed5f30b090c2abd4d1a5249f
• WEBhttps://huntr.dev/bounties/f53d5c42-c108-40b8-917d-9dad51535083
• WEBhttps://lists.fedoraproject.org/archives/list/[email protected]/message/MXSSATHALUSXXD2KT6UFZAX7EG4GR332