1808 matches found
Authorization Bypass
url-parse is vulnerable to authorization bypass. The use of User-Controlled Key allows an attacker to transform original invalid URL into a valid one with url.pathname as host...
Authorization Bypass Through User-Controlled Key
Description url-parse is unable to find the correct hostname when no port number is provided in the url. Payload: http://example.com: Proof of Concept javascript var Url = require'url-parse'; var PAYLOAD = "http://example.com:"; // Expected hostname: example.com // Actual hostname by url-parse:...
DEBIAN-CVE-2022-0639
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7...
CVE-2022-0639
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7...
UBUNTU-CVE-2022-0639
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7...
Authorization Bypass
urijs is vulnerable to Authorization Bypass. The vulnerability exists in the User-Controlled Key due to the case-sensitive checks which not properly configured, allowing an attacker to bypass and gain access...
GHSA-GCV8-GH4R-25X6 Authorization Bypass Through User-Controlled Key in urijs
Attacker can use case-insensitive protocol schemes like HTTP, htTP, HTtp etc. in order to bypass the patch for CVE-2021-3647...
url-parse 安全漏洞
Url-Parse is a small Url parser that works seamlessly across Node.js and browser environments. A security vulnerability exists in url-parse versions prior to 1.5.7, which can be exploited by an attacker to bypass authorization via a user-controlled key...
CVE-2022-0639 Authorization Bypass Through User-Controlled Key in unshiftio/url-parse
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7...
CVE-2022-0639
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7...
CVE-2022-0613
Authorization Bypass Through User-Controlled Key in NPM urijs prior to 1.19.8...
Authorization
Authorization Bypass Through User-Controlled Key in NPM urijs prior to 1.19.8...
UBUNTU-CVE-2022-0613
Authorization Bypass Through User-Controlled Key in NPM urijs prior to 1.19.8...
CVE-2022-0613 Authorization Bypass Through User-Controlled Key in medialize/uri.js
Authorization Bypass Through User-Controlled Key in NPM urijs prior to 1.19.8...
PT-2022-13299 · Uri.Js · Uri.Js
Name of the Vulnerable Software and Affected Versions: urijs versions prior to 1.19.8 Description: The issue allows an attacker to bypass authorization through a user-controlled key. Specifically, it is possible to use case-insensitive protocol schemes, such as HTTP, htTP, HTtp, etc., to bypass...
CVE-2021-46249
An authorization bypass exploited by a user-controlled key in SpecificApps REST API in ScratchOAuth2 before commit d856dc704b2504cd3b92cf089fdd366dd40775d6 allows app owners to set flags that indicate whether an app is verified on their own apps...
GHSA-RQFF-837H-MM52 Authorization bypass in url-parse
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6...
Authorization bypass in url-parse
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6...
DEBIAN-CVE-2022-0512
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6...
CVE-2022-0512
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6...