Openjsf

Fast-uri

3 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.27%
  • Veröffentlicht 29.06.2026 13:22:44
  • Zuletzt bearbeitet 02.07.2026 19:55:37

fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode (IDN) hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constructor, silently leaving the host in its original Uni...

  • EPSS 0.48%
  • Veröffentlicht 05.05.2026 11:16:33
  • Zuletzt bearbeitet 09.07.2026 13:17:30

fast-uri normalize() decoded percent-encoded authority delimiters inside the host component and then re-emitted them as raw delimiters during serialization. A host that combined an allowed domain, an encoded at-sign, and a different domain was re-emi...

  • EPSS 0.52%
  • Veröffentlicht 04.05.2026 19:31:57
  • Zuletzt bearbeitet 02.07.2026 12:17:43

fast-uri decoded percent-encoded path separators and dot segments before applying dot-segment removal in its normalize() and equal() functions. Encoded path data was treated like real slashes and parent-directory references, so distinct URIs could co...