Lucene search
K

1808 matches found

Veracode
Veracode
added 2022/02/18 1:9 p.m.47 views

Authorization Bypass

url-parse is vulnerable to authorization bypass. The use of User-Controlled Key allows an attacker to transform original invalid URL into a valid one with url.pathname as host...

5.3CVSS2.9AI score0.01535EPSS
Exploits1References5Affected Software2
Huntr
Huntr
added 2022/02/17 8:30 p.m.40 views

Authorization Bypass Through User-Controlled Key

Description url-parse is unable to find the correct hostname when no port number is provided in the url. Payload: http://example.com: Proof of Concept javascript var Url = require'url-parse'; var PAYLOAD = "http://example.com:"; // Expected hostname: example.com // Actual hostname by url-parse:...

6.4CVSS0.01827EPSS
Exploits1
OSV
OSV
added 2022/02/17 6:15 p.m.1 views

DEBIAN-CVE-2022-0639

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7...

5.3CVSS6.5AI score0.01535EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2022/02/17 6:15 p.m.42 views

CVE-2022-0639

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7...

6.5CVSS6.8AI score0.01535EPSS
Exploits1References5
OSV
OSV
added 2022/02/17 6:15 p.m.1 views

UBUNTU-CVE-2022-0639

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7...

6.5CVSS7.3AI score0.01535EPSS
Exploits1References6
Veracode
Veracode
added 2022/02/17 7:38 a.m.23 views

Authorization Bypass

urijs is vulnerable to Authorization Bypass. The vulnerability exists in the User-Controlled Key due to the case-sensitive checks which not properly configured, allowing an attacker to bypass and gain access...

6.5CVSS6.4AI score0.0158EPSS
Exploits1References6Affected Software2
OSV
OSV
added 2022/02/17 12:0 a.m.2 views

GHSA-GCV8-GH4R-25X6 Authorization Bypass Through User-Controlled Key in urijs

Attacker can use case-insensitive protocol schemes like HTTP, htTP, HTtp etc. in order to bypass the patch for CVE-2021-3647...

6.5CVSS6.4AI score0.0158EPSS
Exploits1References5
CNNVD
CNNVD
added 2022/02/17 12:0 a.m.6 views

url-parse 安全漏洞

Url-Parse is a small Url parser that works seamlessly across Node.js and browser environments. A security vulnerability exists in url-parse versions prior to 1.5.7, which can be exploited by an attacker to bypass authorization via a user-controlled key...

6.5CVSS7AI score0.01535EPSS
Exploits1References5
OSV
OSV
added 2022/02/17 12:0 a.m.25 views

CVE-2022-0639 Authorization Bypass Through User-Controlled Key in unshiftio/url-parse

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7...

6.5CVSS6.8AI score0.01535EPSS
Exploits1References6
Debian CVE
Debian CVE
added 2022/02/17 12:0 a.m.31 views

CVE-2022-0639

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7...

6.5CVSS6.8AI score0.01535EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 2022/02/16 9:15 a.m.7 views

CVE-2022-0613

Authorization Bypass Through User-Controlled Key in NPM urijs prior to 1.19.8...

6.5CVSS6.2AI score0.0158EPSS
Exploits1References5
Prion
Prion
added 2022/02/16 9:15 a.m.22 views

Authorization

Authorization Bypass Through User-Controlled Key in NPM urijs prior to 1.19.8...

6.4CVSS5.6AI score0.0158EPSS
Exploits1References3Affected Software2
OSV
OSV
added 2022/02/16 9:15 a.m.5 views

UBUNTU-CVE-2022-0613

Authorization Bypass Through User-Controlled Key in NPM urijs prior to 1.19.8...

6.5CVSS6.8AI score0.0158EPSS
Exploits1References4
Cvelist
Cvelist
added 2022/02/16 8:40 a.m.34 views

CVE-2022-0613 Authorization Bypass Through User-Controlled Key in medialize/uri.js

Authorization Bypass Through User-Controlled Key in NPM urijs prior to 1.19.8...

5.3CVSS6.5AI score0.0158EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2022/02/16 12:0 a.m.4 views

PT-2022-13299 · Uri.Js · Uri.Js

Name of the Vulnerable Software and Affected Versions: urijs versions prior to 1.19.8 Description: The issue allows an attacker to bypass authorization through a user-controlled key. Specifically, it is possible to use case-insensitive protocol schemes, such as HTTP, htTP, HTtp, etc., to bypass...

6.5CVSS5.5AI score0.0158EPSS
Exploits1References13
Cvelist
Cvelist
added 2022/02/15 10:13 p.m.19 views

CVE-2021-46249

An authorization bypass exploited by a user-controlled key in SpecificApps REST API in ScratchOAuth2 before commit d856dc704b2504cd3b92cf089fdd366dd40775d6 allows app owners to set flags that indicate whether an app is verified on their own apps...

6.5CVSS6.7AI score0.00643EPSS
Exploits0References1
OSV
OSV
added 2022/02/15 12:2 a.m.24 views

GHSA-RQFF-837H-MM52 Authorization bypass in url-parse

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6...

5.3CVSS6.9AI score0.01782EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2022/02/15 12:2 a.m.37 views

Authorization bypass in url-parse

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6...

8.8CVSS2.9AI score0.01782EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2022/02/14 4:15 p.m.3 views

DEBIAN-CVE-2022-0512

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6...

5.3CVSS6.7AI score0.01782EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2022/02/14 4:15 p.m.7 views

CVE-2022-0512

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6...

8.8CVSS6.7AI score0.01782EPSS
Exploits1References4
Rows per page
Query Builder