6 matches found
Debian dla-3336 : node-url-parse - security update
The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3336 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3336-1 [email protected]...
Open Redirect in ionicabizau/parse-url
✍️ Description parse-url mishandles certain uses of backslash such as https:/\ and interprets the URI as a relative path. Browsers accept backslashes after the protocol, and treat it as a normal slash, while parse-url sees it as a relative path. Which will lead to SSRF attacks, open redirects, or...
Path traversal
Overview url-parse before 1.5.0 mishandles certain uses of backslash such as http:/ and interprets the URI as a relative path. Recommendation Upgrade to version 1.5.0 or later References - CVE - GitHub Advisory...
CVE-2021-27516
URI.js aka urijs before 1.19.6 mishandles certain uses of backslash such as http:/ and interprets the URI as a relative path...
CVE-2021-27515
url-parse before 1.5.0 mishandles certain uses of backslash such as http:/ and interprets the URI as a relative path...
CVE-2021-27515
url-parse before 1.5.0 mishandles certain uses of backslash such as http:/ and interprets the URI as a relative path...