fast-uri is vulnerable to Host Confusion
75
High Risk
fast-uri's host canonicalization for Unicode/IDN values was fixed to prevent security bypasses caused by inconsistent ASCII/Unicode host handling. The patch changes normalization to use WHATWG URL parsing (new URL('http://' + parsed.host).hostname) and adds tests to ensure correct ASCII/punycode outputs.
You are affected if you are using a version that falls within the vulnerable range.
fast-uri is vulnerable to Host Confusion in versions 2.3.1 - 3.1.2 and 4.0.0 - 4.0.0.
Upgrade the fast-uri library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant