Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve@huntrdevCVE-2022-2900
HistorySep 14, 2022 - 11:15 a.m.

CVE-2022-2900

2022-09-1411:15:47
CWE-918
@huntrdev
web.nvd.nist.gov
48
3
cve-2022-2900
ssrf
github
repository
parse-url
nvd

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

9.2

Confidence

High

EPSS

0.002

Percentile

51.4%

JSON

Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 8.1.0.

Affected configurations

Nvd
Node
parse-url_projectparse-urlRange<8.1.0
VendorProductVersionCPE
parse-url_projectparse-url*cpe:2.3:a:parse-url_project:parse-url:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "ionicabizau/parse-url",
    "vendor": "ionicabizau",
    "versions": [
      {
        "lessThan": "8.1.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Social References

More

Related

veracode 1
osv 2
github 1
cvelist 1
prion 1
huntr 1
nvd 1
ibm 1
veracode
veracode
Server-Side Request Forgery (SSRF)
2022-09-15 06:35:25
osv
osv
Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url
2022-09-15 00:00:24
CVE-2022-2900
2022-09-14 11:15:47
github
github
Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url
2022-09-15 00:00:24
cvelist
cvelist
CVE-2022-2900 Server-Side Request Forgery (SSRF) in ionicabizau/parse-url
2022-09-14 08:30:13
prion
prion
Server side request forgery (ssrf)
2022-09-14 11:15:00
huntr
huntr
parser bypass and make SSRF attack
2022-08-03 11:54:37
nvd
nvd
CVE-2022-2900
2022-09-14 11:15:47
ibm
ibm
Security Bulletin: IBM Security QRadar Analyst Workflow app for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
2024-01-03 13:16:10

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

9.2

Confidence

High

EPSS

0.002

Percentile

51.4%

JSON
Related for CVE-2022-2900
veracode1osv2github1cvelist1prion1huntr1nvd1ibm1