High severityNVD Advisory· Published Feb 21, 2021· Updated Aug 3, 2024
CVE-2021-27516
CVE-2021-27516
Description
URI.js (aka urijs) before 1.19.6 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
urijsnpm | < 1.19.6 | 1.19.6 |
Affected products
2- URI.js/URI.jsdescription
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-p6j9-7xhc-rhwpghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-27516ghsaADVISORY
- advisory.checkmarx.net/advisory/CX-2021-4305ghsax_refsource_MISCWEB
- github.com/medialize/URI.js/commit/a1ad8bcbc39a4d136d7e252e76e957f3ece70839ghsax_refsource_MISCWEB
- github.com/medialize/URI.js/releases/tag/v1.19.6ghsax_refsource_MISCWEB
- github.com/medialize/URI.js/security/advisories/GHSA-p6j9-7xhc-rhwpghsaWEB
News mentions
0No linked articles in our index yet.