CVE-2022-0686 Authorization Bypass Through User-Controlled Key in unshiftio/url-parse

🗓️ 20 Feb 2022 00:00:00Reported by @huntrdevType

CVE-2022-0686 Authorization Bypass in url-parse NPM packag

Reporter	Title	Published	Views	Family All 39
IBM Security Bulletins	Security Bulletin: Mutiple Vulnerabilties in Open Source packages affects IBM Watson Machine Learning Accelerator on Cloud Pak for Data	6 Dec 202316:32	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Security is vulnerable to Using Components with Known Vulnerabilities	25 Jul 202213:54	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in Node.js affect IBM Cloud Pak System	16 Aug 202215:59	–	ibm
IBM Security Bulletins	Security Bulletin: Medium/low severity vulnerabilities in libraries used by IBM Spectrum Discover (libraries of libraries)	27 Apr 202222:51	–	ibm
IBM Security Bulletins	Security Bulletin: High severity vulnerabilities in libraries used by IBM Spectrum Discover (libraries of libraries)	27 Apr 202222:57	–	ibm
Huntr	Authorization Bypass Through User-Controlled Key	17 Feb 202220:30	–	huntr
ATTACKERKB	CVE-2022-0686	20 Feb 202213:15	–	attackerkb
CNNVD	NPM url-parse 安全漏洞	20 Feb 202200:00	–	cnnvd
CNVD	NPM url-parse authorization bypass vulnerability	22 Feb 202200:00	–	cnvd
CVE	CVE-2022-0686	20 Feb 202200:00	–	cve

[
  {
    "vendor": "unshiftio",
    "product": "unshiftio/url-parse",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "1.5.8",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
lists	www.lists.debian.org/debian-lts-announce/2023/02/msg00030.html
huntr	www.huntr.dev/bounties/55fd06cd-9054-4d80-83be-eb5a454be78c
github	www.github.com/unshiftio/url-parse/commit/d5c64791ef496ca5459ae7f2176a31ea53b127e5
security	www.security.netapp.com/advisory/ntap-20220325-0006/

23 Feb 2023 00:00Current

9.5High risk

Vulners AI Score9.5

CVSS 36.5

EPSS0.00101

CWE-639