GoogleOSV:USN-5973-1node-url-parse vulnerabilities
10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
7.3 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
70.2%
It was discovered that url-parse incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to cause a
denial of service, or to perform a server-side request forgery attack or open
redirect attack. (CVE-2018-3774)
It was discovered that url-parse incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to bypass input
validation. This issue was only fixed in Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2020-8124)
Yaniv Nizry discovered that url-parse incorrectly handled certain inputs.
If a user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to cause a
denial of service, or to perform a server-side request forgery attack or open
redirect attack. This issue was only fixed in Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2021-27515)
It was discovered that url-parse incorrectly handled certain inputs.
If a user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to cause a
denial of service, or to perform a server-side request forgery attack or open
redirect attack. This issue was only fixed in Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2021-3664)
It was discovered that url-parse incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to bypass
authorization. This issue was only fixed in Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2022-0512, CVE-2022-0639, CVE-2022-0691)
Rohan Sharma discovered that url-parse incorrectly handled certain inputs.
If a user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to bypass
authorization. This issue was only fixed in Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2022-0686)
References
ubuntu.com/security/CVE-2018-3774
ubuntu.com/security/CVE-2020-8124
ubuntu.com/security/CVE-2021-27515
ubuntu.com/security/CVE-2021-3664
ubuntu.com/security/CVE-2022-0512
ubuntu.com/security/CVE-2022-0639
ubuntu.com/security/CVE-2022-0686
ubuntu.com/security/CVE-2022-0691
ubuntu.com/security/notices/USN-5973-1
Related
10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
7.3 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
70.2%