Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Url-parse Security Vulnerabilities

cve
cve

CVE-2023-33290

The git-url-parse crate through 0.4.4 for Rust allows Regular Expression Denial of Service (ReDos) via a crafted URL to normalize_url in lib.rs, a similar issue to CVE-2023-32758...

7.5CVSS

7.3AI Score

0.001EPSS

2023-06-12 01:15 PM
22
cve
cve

CVE-2023-32758

giturlparse (aka git-url-parse) through 1.2.2, as used in Semgrep 1.5.2 through 1.24.1, is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing untrusted URLs. This might be relevant if Semgrep is analyzing an untrusted package (for example, to check whether it accesses any Git...

7.5CVSS

7.3AI Score

0.001EPSS

2023-05-15 04:15 AM
24
cve
cve

CVE-2022-3224

Misinterpretation of Input in GitHub repository ionicabizau/parse-url prior to...

6.1CVSS

6.1AI Score

0.001EPSS

2022-09-15 12:15 PM
31
4
cve
cve

CVE-2022-2900

Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to...

9.1CVSS

9.2AI Score

0.002EPSS

2022-09-14 11:15 AM
41
3
cve
cve

CVE-2022-2218

Cross-site Scripting (XSS) - Stored in GitHub repository ionicabizau/parse-url prior to...

6.1CVSS

5.9AI Score

0.001EPSS

2022-06-27 01:15 PM
44
5
cve
cve

CVE-2022-2216

Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to...

9.8CVSS

9.5AI Score

0.002EPSS

2022-06-27 12:15 PM
45
5
cve
cve

CVE-2022-2217

Cross-site Scripting (XSS) - Generic in GitHub repository ionicabizau/parse-url prior to...

6.1CVSS

5.9AI Score

0.001EPSS

2022-06-27 11:15 AM
58
3
cve
cve

CVE-2022-0722

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url prior to...

7.5CVSS

7.3AI Score

0.001EPSS

2022-06-27 11:15 AM
65
4
cve
cve

CVE-2022-0691

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to...

9.8CVSS

9.1AI Score

0.003EPSS

2022-02-21 09:15 AM
88
cve
cve

CVE-2022-0686

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to...

9.1CVSS

8.9AI Score

0.002EPSS

2022-02-20 01:15 PM
144
cve
cve

CVE-2022-0639

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to...

5.3CVSS

5.3AI Score

0.001EPSS

2022-02-17 06:15 PM
92
cve
cve

CVE-2022-0512

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to...

5.3CVSS

5.3AI Score

0.001EPSS

2022-02-14 04:15 PM
92
cve
cve

CVE-2021-3664

url-parse is vulnerable to URL Redirection to Untrusted...

5.3CVSS

5.3AI Score

0.001EPSS

2021-07-26 12:15 PM
67
3
cve
cve

CVE-2021-27515

url-parse before 1.5.0 mishandles certain uses of backslash such as http:/ and interprets the URI as a relative...

5.3CVSS

5.4AI Score

0.002EPSS

2021-02-22 12:15 AM
78
6
cve
cve

CVE-2020-8124

Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security...

5.3CVSS

5.4AI Score

0.001EPSS

2020-02-04 08:15 PM
76
cve
cve

CVE-2018-3774

Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication...

10CVSS

9.5AI Score

0.003EPSS

2018-08-12 10:29 PM
40