CVE-2022-24723: Improper Input Validation in URI.js
First published: Thu Mar 03 2022(Updated: )
An improper input validation flaw was found in urijs where white space characters are not removed from the beginning of an URL. This issue allows bypassing the protocol validation.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Uri.js Project Uri.js | <1.19.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/medialize/URI.js/releases/tag/v1.19.9
- https://github.com/medialize/URI.js/security/advisories/GHSA-gmv4-r438-p67f
- https://github.com/medialize/uri.js/commit/86d10523a6f6e8dc4300d99d671335ee362ad316
- https://huntr.dev/bounties/82ef23b8-7025-49c9-b5fc-1bb9885788e5/
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2062372
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2062371
- https://github.com/RedHatInsights/insights-remediations/blob/master/package-lock.json
- https://github.com/RedHatInsights/insights-remediations-frontend/blob/master/package-lock.json
- https://github.com/RedHatInsights/insights-advisor-frontend/blob/production/package-lock.json
- https://github.com/RedHatInsights/compliance-frontend/blob/master/package-lock.json
- https://access.redhat.com/errata/RHSA-2022:1681
- https://access.redhat.com/errata/RHSA-2022:1715
- https://access.redhat.com/security/cve/cve-2022-24723
- https://access.redhat.com/errata/RHSA-2022:8652
- https://bugzilla.redhat.com/show_bug.cgi?id=2062370
- https://www.cve.org/CVERecord?id=CVE-2022-24723 https://nvd.nist.gov/vuln/detail/CVE-2022-24723
Frequently Asked Questions
What is CVE-2022-24723?
CVE-2022-24723 is an improper input validation flaw in urijs where white space characters are not removed from the beginning of the protocol, causing URLs to not be parsed properly.
What is the severity of CVE-2022-24723?
The severity of CVE-2022-24723 is medium with a severity value of 5.3.
How does CVE-2022-24723 impact urijs?
CVE-2022-24723 impacts urijs by allowing white space characters at the beginning of the protocol, which leads to incorrect URL parsing.
How can CVE-2022-24723 be fixed?
CVE-2022-24723 can be fixed by upgrading to version 1.19.9 of urijs, which has a patch for the issue.
What are the references for CVE-2022-24723?
The references for CVE-2022-24723 are: [1] GitHub Advisory - GHSA-gmv4-r438-p67f, [2] Huntr.dev Bounty - 82ef23b8-7025-49c9-b5fc-1bb9885788e5, [3] GitHub Commit - 86d10523a6f6e8dc4300d99d671335ee362ad316.
- collector/redhat-cve
- collector/nvd-index
- agent/type
- agent/remedy
- agent/first-publish-date
- agent/softwarecombine
- agent/author
- agent/references
- agent/severity
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2022-24723
- agent/software-canonical-lookup
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/title
- agent/tags
- agent/event
- vendor/uri.js project
- canonical/uri.js project uri.js
- package-manager/redhat