Lucene search
K

5 matches found

vulnersOsv
vulnersOsv
added 2022/03/12 12:0 a.m.4 views

coherent-gameface-router (>=1.0.1 <=3.1.0), redirect-nginx-generator (=1.0.0) potentially affected by CVE-2022-25839 via url-js (=0.2.6)

url-js NPM version =0.2.6 is affected by a known vulnerability. The following packages have a transitive dependency on url-js and may be impacted: - coherent-gameface-router =1.0.1, =3.1.0 - redirect-nginx-generator =1.0.0 Source cves: CVE-2022-25839 Source advisory: OSV:GHSA-RF54-44JR-Q5VF...

5.3CVSS6AI score0.00836EPSS
Exploits1
CVE
CVE
added 2022/03/11 8:0 p.m.104 views

CVE-2022-25839

The CVE concerns the JavaScript package url-js prior to version 2.1.0 . The vulnerability arises from improper input validation during parsing in the URL.js parser, allowing hostname spoofing (for example, both http://\\\\localhost and http://localhost are treated as the same URL, with the backsl...

5.3CVSS4.8AI score0.00836EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2022/03/11 8:0 p.m.25 views

CVE-2022-25839 Improper Input Validation

The package url-js before 2.1.0 are vulnerable to Improper Input Validation due to improper parsing, which makes it is possible for the hostname to be spoofed. http://\\\\localhost and http://localhost are the same URL. However, the hostname is not parsed as localhost, and the backslash is...

4.3CVSS5.5AI score0.00836EPSS
Exploits1References2
OSV
OSV
added 2022/03/11 8:0 p.m.13 views

CVE-2022-25839 Improper Input Validation

The package url-js before 2.1.0 are vulnerable to Improper Input Validation due to improper parsing, which makes it is possible for the hostname to be spoofed. http://\\\\localhost and http://localhost are the same URL. However, the hostname is not parsed as localhost, and the backslash is...

4.3CVSS6.1AI score0.00836EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2022/03/11 8:0 p.m.2 views

CVE-2022-25839

The package url-js before 2.1.0 are vulnerable to Improper Input Validation due to improper parsing, which makes it is possible for the hostname to be spoofed. http://\\\\localhost and http://localhost are the same URL. However, the hostname is not parsed as localhost, and the backslash is...

5.3CVSS6AI score0.00836EPSS
Exploits1References3
Rows per page
Query Builder