Vulnerabilities

1 via 1 paths

Dependencies

114

Source

GitHub


high severity
new

Interpretation Conflict

  • Vulnerable module: fast-uri
  • Introduced through: mercurius@16.9.0

Detailed paths

  • Introduced through: @aiswarm/api-graphql › mercurius@16.9.0 › graphql-jit@0.8.7 › fast-json-stringify@5.16.1 › fast-uri@2.4.0

Overview

fast-uri is a dependency-free RFC 3986 URI toolbox.

Affected versions of this package are vulnerable to Interpretation Conflict during the decoding of the URL host component. An attacker can manipulate the authority component of a URI by supplying percent-encoded delimiters, causing the host to be interpreted incorrectly during serialization. This can allow bypassing host allowlist checks, redirect validation, or outbound request routing by steering applications to an unintended authority.

Remediation

Upgrade fast-uri to version 3.1.2 or higher.