Lucene search
K

86 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 9:23 p.m.12 views

CVE-2022-2900

Server-Side Request Forgery SSRF in GitHub repository ionicabizau/parse-url prior to 8.1.0...

9.1CVSS6.7AI score0.00907EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2022/10/05 10:44 a.m.4 views

parse-url: Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url

A flaw was found in the parse-url package. Affected versions of this package are vulnerable to information exposure due to an improper validation issue...

7.5CVSS5.7AI score0.01104EPSS
Exploits1References5
OSV
OSV
added 2022/09/16 12:0 a.m.51 views

GHSA-PQW5-JMP5-PX4V parse-url parses http URLs incorrectly, making it vulnerable to host name spoofing

parse-url prior to 8.1.0 is vulnerable to Misinterpretation of Input. parse-url parses certain http or https URLs incorrectly, identifying the URL's protocol as ssh. It may also parse the host name incorrectly...

6.1CVSS6.3AI score0.00586EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2022/09/16 12:0 a.m.26 views

parse-url parses http URLs incorrectly, making it vulnerable to host name spoofing

parse-url prior to 8.1.0 is vulnerable to Misinterpretation of Input. parse-url parses certain http or https URLs incorrectly, identifying the URL's protocol as ssh. It may also parse the host name incorrectly...

9.4CVSS6.2AI score0.00586EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/09/15 12:15 p.m.5 views

CVE-2022-3224

Misinterpretation of Input in GitHub repository ionicabizau/parse-url prior to 8.1.0...

9.4CVSS6.8AI score0.00586EPSS
Exploits1References3
NVD
NVD
added 2022/09/15 12:15 p.m.45 views

CVE-2022-3224

Misinterpretation of Input in GitHub repository ionicabizau/parse-url prior to 8.1.0...

9.4CVSS0.00586EPSS
Exploits1References2
Prion
Prion
added 2022/09/15 12:15 p.m.18 views

Design/Logic Flaw

Misinterpretation of Input in GitHub repository ionicabizau/parse-url prior to 8.1.0...

5.8CVSS6.2AI score0.00586EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2022/09/15 11:30 a.m.42 views

CVE-2022-3224 Misinterpretation of Input in ionicabizau/parse-url

Misinterpretation of Input in GitHub repository ionicabizau/parse-url prior to 8.1.0...

9.4CVSS6.8AI score0.00586EPSS
Exploits1References2
OSV
OSV
added 2022/09/15 11:30 a.m.34 views

CVE-2022-3224 Misinterpretation of Input in ionicabizau/parse-url

Misinterpretation of Input in GitHub repository ionicabizau/parse-url prior to 8.1.0...

9.4CVSS7.9AI score0.00586EPSS
Exploits1References4
CVE
CVE
added 2022/09/15 11:30 a.m.75 views

CVE-2022-3224

CVE-2022-3224 concerns the parse-url npm package by ionică Bizău, affected in versions prior to 8.1.0. The root cause is a misinterpretation of input that leads to incorrect parsing of http/https URLs (e.g., misclassifying the URL protocol as ssh and misparsing the hostname). Reported impacts inc...

9.4CVSS6.5AI score0.00586EPSS
Exploits1References2Affected Software1
Veracode
Veracode
added 2022/09/15 6:35 a.m.18 views

Server-Side Request Forgery (SSRF)

parse-url is vulnerable to server-side request forgery. The vulnerability exists in the parseUrl function in index.js because it doesn't validate url or detect the protocol, resource, pathname and user param properly which allows an attacker to cause an ssrf bypass via a crafted url...

9.1CVSS8.5AI score0.00907EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2022/09/15 12:0 a.m.16 views

GHSA-J9FQ-VWQV-2FM2 Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url

Server-Side Request Forgery SSRF in GitHub repository ionicabizau/parse-url prior to 8.1.0...

9.1CVSS9.3AI score0.00907EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2022/09/15 12:0 a.m.37 views

Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url

Server-Side Request Forgery SSRF in GitHub repository ionicabizau/parse-url prior to 8.1.0...

9.1CVSS8.9AI score0.00907EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2022/09/15 12:0 a.m.5 views

parse-url 安全漏洞

parse-url is an advanced url parser with git url support by the individual developer Ionică Bizău. A security vulnerability exists in parse-url prior to version 8.1.0, which stems from the fact that parse-url incorrectly parses the https url that follows it, identifying its protocol as ssh, and...

9.4CVSS7.6AI score0.00586EPSS
Exploits1References3
NVD
NVD
added 2022/09/14 11:15 a.m.36 views

CVE-2022-2900

Server-Side Request Forgery SSRF in GitHub repository ionicabizau/parse-url prior to 8.1.0...

9.1CVSS0.00907EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/09/14 11:15 a.m.4 views

CVE-2022-2900

Server-Side Request Forgery SSRF in GitHub repository ionicabizau/parse-url prior to 8.1.0...

9.1CVSS5.9AI score0.00907EPSS
Exploits1References3
Prion
Prion
added 2022/09/14 11:15 a.m.20 views

Server side request forgery (ssrf)

Server-Side Request Forgery SSRF in GitHub repository ionicabizau/parse-url prior to 8.1.0...

6.4CVSS9.3AI score0.00907EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2022/09/14 8:30 a.m.91 views

CVE-2022-2900

CVE-2022-2900 affects the npm package parse-url (GitHub: ionicabizau/parse-url) up to version 8.0.x; it is a Server-Side Request Forgery (SSRF) vulnerability that could allow a remote attacker to induce the server to perform requests on its behalf. The NVD/CVSS data assign a 9.1 CRITICAL base sco...

9.1CVSS9.3AI score0.00907EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2022/09/14 8:30 a.m.29 views

CVE-2022-2900 Server-Side Request Forgery (SSRF) in ionicabizau/parse-url

Server-Side Request Forgery SSRF in GitHub repository ionicabizau/parse-url prior to 8.1.0...

9.1CVSS9.2AI score0.00907EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/09/14 12:0 a.m.6 views

parse-url 代码问题漏洞

parse-url is an advanced url parser with git url support by the individual developer Ionică Bizău. A security vulnerability exists in parse-url versions prior to 8.1.0. An attacker exploited the vulnerability to perform a server-side request forgery attack...

9.1CVSS8.3AI score0.00907EPSS
Exploits1References3
Rows per page
Query Builder