Vulnerability Details CVE-2022-25839
Versions of the package url-js before 2.1.0 are vulnerable to Improper Input Validation due to improper parsing, which makes it possible for the hostname to be spoofed. http://\\\\\\\\localhost and http://localhost are the same URL. However, the hostname is not parsed as localhost, and the backslashes are reflected as they are.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 41.7%
CVSS Severity
CVSS v3 Score 4.3
CVSS v2 Score 5.0
Products affected by CVE-2022-25839
- cpe:2.3:a:url-js_project:url-js:0.0.8
- cpe:2.3:a:url-js_project:url-js:0.1.0
- cpe:2.3:a:url-js_project:url-js:0.2.0
- cpe:2.3:a:url-js_project:url-js:0.2.1
- cpe:2.3:a:url-js_project:url-js:0.2.2
- cpe:2.3:a:url-js_project:url-js:0.2.3
- cpe:2.3:a:url-js_project:url-js:0.2.4
- cpe:2.3:a:url-js_project:url-js:0.2.5
- cpe:2.3:a:url-js_project:url-js:0.2.6
- cpe:2.3:a:url-js_project:url-js:1.0.0
- cpe:2.3:a:url-js_project:url-js:2.0.0