86 matches found
CVE-2022-2900
Server-Side Request Forgery SSRF in GitHub repository ionicabizau/parse-url prior to 8.1.0...
parse-url: Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url
A flaw was found in the parse-url package. Affected versions of this package are vulnerable to information exposure due to an improper validation issue...
GHSA-PQW5-JMP5-PX4V parse-url parses http URLs incorrectly, making it vulnerable to host name spoofing
parse-url prior to 8.1.0 is vulnerable to Misinterpretation of Input. parse-url parses certain http or https URLs incorrectly, identifying the URL's protocol as ssh. It may also parse the host name incorrectly...
parse-url parses http URLs incorrectly, making it vulnerable to host name spoofing
parse-url prior to 8.1.0 is vulnerable to Misinterpretation of Input. parse-url parses certain http or https URLs incorrectly, identifying the URL's protocol as ssh. It may also parse the host name incorrectly...
CVE-2022-3224
Misinterpretation of Input in GitHub repository ionicabizau/parse-url prior to 8.1.0...
CVE-2022-3224
Misinterpretation of Input in GitHub repository ionicabizau/parse-url prior to 8.1.0...
Design/Logic Flaw
Misinterpretation of Input in GitHub repository ionicabizau/parse-url prior to 8.1.0...
CVE-2022-3224 Misinterpretation of Input in ionicabizau/parse-url
Misinterpretation of Input in GitHub repository ionicabizau/parse-url prior to 8.1.0...
CVE-2022-3224 Misinterpretation of Input in ionicabizau/parse-url
Misinterpretation of Input in GitHub repository ionicabizau/parse-url prior to 8.1.0...
CVE-2022-3224
CVE-2022-3224 concerns the parse-url npm package by ionică Bizău, affected in versions prior to 8.1.0. The root cause is a misinterpretation of input that leads to incorrect parsing of http/https URLs (e.g., misclassifying the URL protocol as ssh and misparsing the hostname). Reported impacts inc...
Server-Side Request Forgery (SSRF)
parse-url is vulnerable to server-side request forgery. The vulnerability exists in the parseUrl function in index.js because it doesn't validate url or detect the protocol, resource, pathname and user param properly which allows an attacker to cause an ssrf bypass via a crafted url...
GHSA-J9FQ-VWQV-2FM2 Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url
Server-Side Request Forgery SSRF in GitHub repository ionicabizau/parse-url prior to 8.1.0...
Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url
Server-Side Request Forgery SSRF in GitHub repository ionicabizau/parse-url prior to 8.1.0...
parse-url 安全漏洞
parse-url is an advanced url parser with git url support by the individual developer Ionică Bizău. A security vulnerability exists in parse-url prior to version 8.1.0, which stems from the fact that parse-url incorrectly parses the https url that follows it, identifying its protocol as ssh, and...
CVE-2022-2900
Server-Side Request Forgery SSRF in GitHub repository ionicabizau/parse-url prior to 8.1.0...
CVE-2022-2900
Server-Side Request Forgery SSRF in GitHub repository ionicabizau/parse-url prior to 8.1.0...
Server side request forgery (ssrf)
Server-Side Request Forgery SSRF in GitHub repository ionicabizau/parse-url prior to 8.1.0...
CVE-2022-2900
CVE-2022-2900 affects the npm package parse-url (GitHub: ionicabizau/parse-url) up to version 8.0.x; it is a Server-Side Request Forgery (SSRF) vulnerability that could allow a remote attacker to induce the server to perform requests on its behalf. The NVD/CVSS data assign a 9.1 CRITICAL base sco...
CVE-2022-2900 Server-Side Request Forgery (SSRF) in ionicabizau/parse-url
Server-Side Request Forgery SSRF in GitHub repository ionicabizau/parse-url prior to 8.1.0...
parse-url 代码问题漏洞
parse-url is an advanced url parser with git url support by the individual developer Ionică Bizău. A security vulnerability exists in parse-url versions prior to 8.1.0. An attacker exploited the vulnerability to perform a server-side request forgery attack...