Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GHSA-G694-M8VQ-GV9H
HistoryApr 05, 2022 - 12:00 a.m.

URL Confusion When Scheme Not Supplied in medialize/uri.js

2022-04-0500:00:17
Google
osv.dev
9
javascript
url mutation
hostname parsing
path parsing
redirect
version 1.19.11
browser behavior
url parsing
software
confusion

EPSS

0.001

Percentile

30.0%

JSON

Medialize is a Javascript URL mutation library. When parsing a URL without a scheme and with excessive slashes, like ///www.example.com, URI.js will parse the hostname as null and the path as /www.example.com. Such behaviour is different from that exhibited by browsers, which will parse ///www.example.com as http://www.example.com instead. For example, the following will cause a redirect to http://www.example.com: A fix was released in version 1.19.11.

Related

veracode 1
cve 1
osv 1
github 1
nvd 1
prion 1
cvelist 1
huntr 1
ibm 1
veracode
veracode
Open Redirects
2022-04-05 04:32:54
cve
cve
CVE-2022-1233
2022-04-04 20:15:10
osv
osv
CVE-2022-1233
2022-04-04 20:15:10
github
github
URL Confusion When Scheme Not Supplied in medialize/uri.js
2022-04-05 00:00:17
nvd
nvd
CVE-2022-1233
2022-04-04 20:15:10
prion
prion
Design/Logic Flaw
2022-04-04 20:15:00
cvelist
cvelist
CVE-2022-1233 URL Confusion When Scheme Not Supplied in medialize/uri.js
2022-04-04 19:30:15
huntr
huntr
URL Confusion When Scheme Not Supplied
2022-03-15 09:42:40
ibm
ibm
Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer components that use Designer flows may be vulnerable to CVE-2022-1233
2022-04-28 11:33:00

EPSS

0.001

Percentile

30.0%

JSON
Related for OSV:GHSA-G694-M8VQ-GV9H
veracode1cve1osv1github1nvd1prion1cvelist1huntr1ibm1