Vulnerabilities (CVE)

Filtered by vendor Url-parse Project Subscribe
Filtered by product Url-parse
Total 8 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-0639 1 Url-parse Project 1 Url-parse 2024-02-28 5.0 MEDIUM 5.3 MEDIUM
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7.
CVE-2022-0512 1 Url-parse Project 1 Url-parse 2024-02-28 5.0 MEDIUM 5.3 MEDIUM
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6.
CVE-2022-0686 1 Url-parse Project 1 Url-parse 2024-02-28 6.4 MEDIUM 9.1 CRITICAL
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8.
CVE-2022-0691 1 Url-parse Project 1 Url-parse 2024-02-28 7.5 HIGH 9.8 CRITICAL
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.9.
CVE-2021-3664 1 Url-parse Project 1 Url-parse 2024-02-28 5.0 MEDIUM 5.3 MEDIUM
url-parse is vulnerable to URL Redirection to Untrusted Site
CVE-2021-27515 1 Url-parse Project 1 Url-parse 2024-02-28 5.0 MEDIUM 5.3 MEDIUM
url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path.
CVE-2020-8124 1 Url-parse Project 1 Url-parse 2024-02-28 5.0 MEDIUM 5.3 MEDIUM
Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks.
CVE-2018-3774 1 Url-parse Project 1 Url-parse 2024-02-28 7.5 HIGH 10.0 CRITICAL
Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol.