Total
8 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-0639 | 1 Url-parse Project | 1 Url-parse | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7. | |||||
CVE-2022-0512 | 1 Url-parse Project | 1 Url-parse | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6. | |||||
CVE-2022-0686 | 1 Url-parse Project | 1 Url-parse | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8. | |||||
CVE-2022-0691 | 1 Url-parse Project | 1 Url-parse | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.9. | |||||
CVE-2021-3664 | 1 Url-parse Project | 1 Url-parse | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
url-parse is vulnerable to URL Redirection to Untrusted Site | |||||
CVE-2021-27515 | 1 Url-parse Project | 1 Url-parse | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path. | |||||
CVE-2020-8124 | 1 Url-parse Project | 1 Url-parse | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks. | |||||
CVE-2018-3774 | 1 Url-parse Project | 1 Url-parse | 2024-02-28 | 7.5 HIGH | 10.0 CRITICAL |
Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol. |