Lucene search

GitHub Advisory DatabaseGHSA-7F3X-X4PR-WQHJ

HistoryJun 28, 2022 - 12:01 a.m.

Server-Side Request Forgery in parse-url

2022-06-2800:01:02

CWE-918

GitHub Advisory Database

github.com

server-side request forgery

github repository

ionicabizau/parse-url

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

57.1%

JSON

Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 7.0.0.

Affected configurations

Vulners

Node

url-parse_projecturl-parseRange<6.0.1

VendorProductVersionCPE
url-parse_projecturl-parse*cpe:2.3:o:url-parse_project:url-parse:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
url-parse_project	url-parse	*	cpe:2.3:o:url-parse_project:url-parse::::::::

References

github.com/advisories/GHSA-7f3x-x4pr-wqhj

github.com/ionicabizau/parse-url/commit/21c72ab9412228eea753e2abc48f8962707b1fe3

huntr.dev/bounties/505a3d39-2723-4a06-b1f7-9b2d133c92e1

nvd.nist.gov/vuln/detail/CVE-2022-2216

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

57.1%

JSON

Related for GHSA-7F3X-X4PR-WQHJ