Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package urijs, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (8)
CVE-2021-27516 — CVSS 7.5 (high): URI.js (aka urijs) before 1.19.6 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path.
CVE-2020-26291 — CVSS 6.5 (medium): URI.js is a javascript URL mutation library (npm package urijs). In URI.js before version 1.19.4, the hostname can be spoofed by using a…
CVE-2022-1243 — CVSS 6.1 (medium): CRHTLF can lead to invalid protocol extraction potentially leading to XSS in GitHub repository medialize/uri.js prior to 1.19.11.
CVE-2022-24723 — CVSS 5.3 (medium): URI.js is a Javascript URL mutation library. Before version 1.19.9, whitespace characters are not removed from the beginning of the…