CVE-2022-1233: 
JavaScript vulnerability analysis and mitigation

URL Confusion vulnerability (CVE-2022-1233) was discovered in GitHub repository medialize/uri.js prior to version 1.19.11. The vulnerability was identified in the URI.parse() function's handling of excessive slashes in scheme-relative URLs (NVD, GitHub Patch).

The vulnerability received a CVSS v3.1 base score of 6.1 (Medium) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. The issue is classified as CWE-601 (URL Redirection to Untrusted Site) and CWE-115 (Misinterpretation of Input). The vulnerability specifically affects the URI.parse() function's handling of scheme-relative URLs with excessive slashes (NVD).

The vulnerability could potentially lead to URL confusion and redirection issues, affecting the confidentiality and integrity of the system with low severity. The attack requires user interaction and can result in limited information disclosure and modification (NVD).

The vulnerability has been patched in version 1.19.11 of uri.js. Users are advised to upgrade to this version or later. The fix specifically addresses the handling of excessive slashes in scheme-relative URLs (GitHub Patch).