urijs is vulnerable to hostname spoofing. The hostname can be spoofed by using a backslash \\
character followed by an @
character, which could potentially allow an attacker to bypass authorization if the hostname is used in security decisions.
github.com/advisories/GHSA-3329-pjwv-fjpg
github.com/medialize/URI.js/commit/b02bf037c99ac9316b77ff8bfd840e90becf1155
github.com/medialize/URI.js/pull/233
github.com/medialize/URI.js/pull/403
github.com/medialize/URI.js/releases/tag/v1.19.4
github.com/medialize/URI.js/security/advisories/GHSA-3329-pjwv-fjpg
www.npmjs.com/package/urijs