@adobe/htlengine@6.2.15

Vulnerabilities

1 via 1 paths

Dependencies

41

Source

npm

Find, fix and prevent vulnerabilities in your code.

Severity
  • 1
Status
  • 1
  • 0
  • 0

medium severity

Improper Input Validation

  • Vulnerable module: urijs
  • Introduced through: urijs@1.19.5

Detailed paths

  • Introduced through: @adobe/htlengine@6.2.15 urijs@1.19.5
    Remediation: Upgrade to @adobe/htlengine@6.3.6.

Overview

urijs is a Javascript library for working with URLs.

Affected versions of this package are vulnerable to Improper Input Validation. It mishandles certain uses of backslash such as http:/ and interprets the URI as a relative path.

Remediation

Upgrade urijs to version 1.19.6 or higher.

References