7.5

CVE-2021-27516

Exploit
URI.js (aka urijs) before 1.19.6 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Uri.Js ProjectUri.Js Version < 1.19.6
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.48% 0.825
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://advisory.checkmarx.net/advisory/CX-2021-4305
Third Party Advisory
Exploit
https://github.com/medialize/URI.js/commit/a1ad8bcbc39a4d136d7e252e76e957f3ece70839
Patch
Third Party Advisory
https://github.com/medialize/URI.js/releases/tag/v1.19.6
Third Party Advisory