PT-2022-16831 · Uri.Js · Uri.Js

P0Cas · Published 2022-03-03 · Updated 2023-07-03 · CVE-2022-24723

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

URI.js versions prior to 1.19.9

Description

The issue arises from whitespace characters not being removed from the beginning of the protocol, resulting in improper URL parsing. This can cause protocol validation mechanisms to fail. The problem has been patched in version 1.19.9. As a workaround, removing leading whitespace from values before passing them to URI.parse can mitigate the issue.

Recommendations

For versions prior to 1.19.9, update to version 1.19.9 to resolve the issue. As a temporary workaround, consider removing leading whitespace from values before passing them to URI.parse, for example, by using a function to remove whitespace from the URL.
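
The workaround above, sketched as an added example (not code from URI.js or from this advisory): leading whitespace is stripped before the value reaches the parser, and the protocol check is an allow-list that rejects anything without a recognised protocol. The names `stripLeadingWhitespace`, `hasAllowedProtocol`, `standInParse` and the allow-list contents are assumptions; `standInParse` is a constructed stand-in so the block runs without the library, and in an application `URI.parse` would be passed as `parseFn`.

```javascript
"use strict";

// Assumed application policy: only these protocols are accepted.
const ALLOWED_PROTOCOLS = new Set(["http", "https", "mailto"]);

// Workaround from the advisory: remove leading whitespace from the value
// before it is handed to the URL parser.
function stripLeadingWhitespace(value) {
  if (typeof value !== "string") {
    throw new TypeError("URL value must be a string");
  }
  // trimStart() removes leading whitespace and line terminators.
  return value.trimStart();
}

// Constructed stand-in for the parser (NOT URI.js code). It recognises a
// protocol only when it starts at index 0, so a value with leading
// whitespace yields no protocol at all.
function standInParse(value) {
  const match = /^([a-z][a-z0-9+.-]*):/i.exec(value);
  return { protocol: match ? match[1] : undefined };
}

// Protocol validation that fails closed: the value is normalised first,
// and a missing or unknown protocol is rejected rather than let through.
// parseFn must return an object with a `protocol` field, as URI.parse does.
function hasAllowedProtocol(value, parseFn = standInParse) {
  const parts = parseFn(stripLeadingWhitespace(value));
  const protocol = String(parts.protocol || "").toLowerCase();
  return ALLOWED_PROTOCOLS.has(protocol);
}

// Constructed sample input: a URL preceded by a tab and a space.
const sample = "\t https://example.test/path";
console.log(standInParse(sample).protocol);                         // undefined
console.log(standInParse(stripLeadingWhitespace(sample)).protocol); // "https"
console.log(hasAllowedProtocol(sample));                            // true
```

Because the check fails closed, relative references with no protocol are rejected too; an application that needs them has to handle that case explicitly.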

Weakness Enumeration

Related Identifiers

CVE-2022-24723
GHSA-GMV4-R438-P67F

Affected Products

Uri.Js