CVE-2020-26291

Published: Dic 31, 2020 Last Modified: Nov 21, 2024 EU-VD ID: EUVD-2020-1476 Aliases: GHSA-3329-pjwv-fjpg
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 6,5
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: high
Availability: none
MEDIUM 4,0
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: single
Confidentiality: none
Integrity: partial
Availability: none

Description

AI Translation Available

URI.js is a javascript URL mutation library (npm package urijs). In URI.js before version 1.19.4, the hostname can be spoofed by using a backslash (`\`) character followed by an at (`@`) character. If the hostname is used in security decisions, the decision may be incorrect. Depending on library usage and attacker intent, impacts may include allow/block list bypasses, SSRF attacks, open redirects, or other undesired behavior. For example the URL `https://expected-example.com\@observed-example.com` will incorrectly return `observed-example.com` if using an affected version. Patched versions correctly return `expected-example.com`. Patched versions match the behavior of other parsers which implement the WHATWG URL specification, including web browsers and Node's built-in URL class. Version 1.19.4 is patched against all known payload variants. Version 1.19.3 has a partial patch but is still vulnerable to a payload variant.]

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0058
Percentile
0,7th
Updated

EPSS Score Trend (Last 90 Days)

20

Improper Input Validation

Stable
Abstraction: Class Structure: Simple
Common Consequences
Security Scopes Affected:
Availability Confidentiality Integrity
Potential Impacts:
Dos: Crash, Exit, Or Restart Dos: Resource Consumption (Cpu) Dos: Resource Consumption (Memory) Read Memory Read Files Or Directories Modify Memory Execute Unauthorized Code Or Commands
Applicable Platforms
All platforms may be affected
Likelihood of Exploit: High
View CWE Details
Application

Uri.Js by Uri.Js Project

Product Information
Vendor Uri.Js Project
Product Uri.Js
Version Range Affected
To 1.19.4 (exclusive)
cpe:2.3:a:uri.js_project:uri.js:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://github.com/medialize/URI.js/commit/b02bf037c99ac931…
Patch Third Party Advisory
https://github.com/medialize/URI.js/commit/b02bf037c99ac9316b77ff8bfd840e90becf…
https://github.com/medialize/URI.js/releases/tag/v1.19.4
Release Notes Third Party Advisory
https://github.com/medialize/URI.js/releases/tag/v1.19.4
https://github.com/medialize/URI.js/security/advisories/GHS…
Third Party Advisory
https://github.com/medialize/URI.js/security/advisories/GHSA-3329-pjwv-fjpg
https://www.npmjs.com/package/urijs
Third Party Advisory
https://www.npmjs.com/package/urijs
https://github.com/medialize/URI.js/commit/b02bf037c99ac931…
Patch Third Party Advisory
https://github.com/medialize/URI.js/commit/b02bf037c99ac9316b77ff8bfd840e90becf…
https://github.com/medialize/URI.js/releases/tag/v1.19.4
Release Notes Third Party Advisory
https://github.com/medialize/URI.js/releases/tag/v1.19.4
https://github.com/medialize/URI.js/security/advisories/GHS…
Third Party Advisory
https://github.com/medialize/URI.js/security/advisories/GHSA-3329-pjwv-fjpg
https://www.npmjs.com/package/urijs
Third Party Advisory
https://www.npmjs.com/package/urijs