Affected versions of this package are vulnerable to Open Redirect. The package mishandles certain uses of backslash, such as https:/\, and interprets the URI as a relative path. Browsers usually accept backslashes after the protocol and treat them as normal slashes.
var URI = require('urijs');
var url = new URI("https:/\/\/\www.google.com");
console.log(url);
// Which will return --> path: "/www.google.com"
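A defensive check for redirect targets that follows from this behaviour, as an added example (not code from the advisory or from the urijs project): it resolves the target with the WHATWG `URL` parser built into Node.js and browsers, which treats backslashes as slashes for http(s) URLs, and accepts only same-origin results. The function name `safeRedirectTarget` and the origin `app.example.test` are assumptions made for illustration.

```javascript
// Assumption: the application's own origin; app.example.test is a placeholder.
const APP_ORIGIN = 'https://app.example.test';

// Returns the normalized absolute URL to redirect to, or null if the
// target does not resolve to the application's own origin.
function safeRedirectTarget(target, appOrigin = APP_ORIGIN) {
  if (typeof target !== 'string') return null;
  let resolved;
  try {
    // The WHATWG parser treats "\" as "/" for http(s) URLs, as browsers do,
    // so a target like "https:/\/\host" resolves to an absolute URL on "host"
    // here instead of being classified as a relative path.
    resolved = new URL(target, appOrigin);
  } catch {
    return null; // unparseable input is never redirected to
  }
  // Only http(s) targets are candidates for a redirect.
  if (resolved.protocol !== 'https:' && resolved.protocol !== 'http:') return null;
  // Compare origins (scheme + host + port) after parsing, not raw strings.
  if (resolved.origin !== new URL(appOrigin).origin) return null;
  // Return the parser's normalized absolute form, not the raw input, so the
  // browser cannot reinterpret the value differently from this check.
  return resolved.href;
}

// Constructed sample inputs. String.raw keeps the backslashes literal.
const samples = [
  '/account/settings?tab=keys',
  'https://app.example.test/home',
  String.raw`https:/\/\/\www.google.com`, // backslash form from the advisory
  'https://www.google.com/',
  'mailto:user@example.test',
];

for (const s of samples) {
  console.log(JSON.stringify(s), '->', safeRedirectTarget(s));
}
```

Returning the absolute `href` instead of only the path avoids handing the browser a path that begins with `//`, which it would read as a new host.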
There is no fixed version for