2 matches found
GHSA-JF5R-8HM2-F872 url-parse incorrectly parses hostname / protocol due to unstripped leading control characters.
Leading control characters in a URL are not stripped when passed into url-parse. This can cause input URLs to be mistakenly be interpreted as a relative URL without a hostname and protocol, while the WHATWG URL parser will trim control characters and treat it as an absolute URL. If url-parse is...
PT-2022-13363 · Parse-Url +2 · Url-Parse +2
Name of the Vulnerable Software and Affected Versions: url-parse versions prior to 1.5.9 Description: The issue arises from leading control characters in a URL not being stripped when passed into url-parse, potentially causing input URLs to be mistakenly interpreted as relative URLs without a...