Lucene search

16 matches found

SUSE CVE
added 2026/05/09 2:41 a.m. · 5 views

SUSE CVE-2026-43192

In the Linux kernel, the following vulnerability has been resolved: dm mpath: Add missing dm_put_device when failing to get scsi dh name. When commit fd81bc5cca8f "scsi: device_handler: Return error pointer in scsi_dh_attached_handler_name" added code to fail parsing the path if scsi_dh_attached_handler_name...

AI score: 5.8 · EPSS: 0.00112
Exploits: 0 · References: 3
EUVD
added 2026/05/06 12:30 p.m. · 2 views

EUVD-2026-27752

In the Linux kernel, the following vulnerability has been resolved: dm mpath: Add missing dm_put_device when failing to get scsi dh name. When commit fd81bc5cca8f "scsi: device_handler: Return error pointer in scsi_dh_attached_handler_name" added code to fail parsing the path if scsi_dh_attached_handler_name...

AI score: 5.8 · EPSS: 0.00112
Exploits: 0 · References: 3
AstraLinux
added 2026/05/03 11:59 p.m. · 3 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: samples/landlock: Fixed the memory leak in path_list. Clang static analysis reports this error. sandboxer.c:134:8: Warning: Potential memory leak pointed to by ‘path_list’. ret = 0; ^ path_list is allocated in parse_path, but never...

CVSS: 5.5 · AI score: 5.7 · EPSS: 0.0024
Exploits: 0 · References: 1
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2022-5904

Malicious code in bioql PyPI...

CVSS: 7.5 · AI score: 6.8 · EPSS: 0.00755
Exploits: 1 · References: 4
SUSE CVE
added 2025/02/27 3:14 a.m. · 1 views

SUSE CVE-2021-47654

In the Linux kernel, the following vulnerability has been resolved: samples/landlock: Fix path_list memory leak. Clang static analysis reports this error: sandboxer.c:134:8: warning: Potential leak of memory pointed to by 'path_list' ret = 0; ^ path_list is allocated in parse_path but never freed...

CVSS: 3.3 · AI score: 6.5 · EPSS: 0.0024
Exploits: 0 · References: 7
OSV
added 2025/02/26 6:37 a.m. · 2 views

DEBIAN-CVE-2021-47654

In the Linux kernel, the following vulnerability has been resolved: samples/landlock: Fix path_list memory leak. Clang static analysis reports this error: sandboxer.c:134:8: warning: Potential leak of memory pointed to by 'path_list' ret = 0; ^ path_list is allocated in parse_path but never freed...

CVSS: 5.5 · AI score: 5.6 · EPSS: 0.0024
Exploits: 0 · References: 1
Positive Technologies
added 2022/12/18 12:0 a.m. · 2 views

PT-2022-9013 · Unknown · Ewxrjk Sftpserver

Name of the Vulnerable Software and Affected Versions: ewxrjk sftpserver (affected versions not specified). Description: A vulnerability was found in the ewxrjk sftpserver, affecting the function sftp_parse_path of the file parse.c. The manipulation leads to an uninitialized pointer. The real...

CVSS: 9.8 · AI score: 7.2 · EPSS: 0.00545
Exploits: 0 · References: 7
CNNVD
added 2022/12/18 12:0 a.m. · 2 views

Green End SFTP Server security vulnerability

Green End SFTP Server is an SFTP server supporting protocol version 6 by Richard Kettlewell, an individual developer. A security vulnerability exists in Green End SFTP Server that stems from an uninitialized pointer due to the sftp_parse_path function in its parse.c file...

CVSS: 9.8 · AI score: 8.2 · EPSS: 0.00545
Exploits: 0 · References: 2
vulnersOsv
added 2022/06/29 12:0 a.m. · 0 views

10secondsofcode-custom (=1.0.0), 1kohei1 (>=1.0.0 <=1.0.1) +4296 more potentially affected by CVE-2022-0624 via parse-path (>=3.0.4 <=4.0.4)

parse-path NPM version =3.0.4, =1.0.0, =1.0.0, =3.0.0-beta.22, =3.0.0-beta.22, =3.16.2, =3.16.3, =3.16.2, =3.16.2, =0.1.2, =11.0.1, =11.0.2 and more Source cves: CVE-2022-0624 Source advisory: OSV:GHSA-3J8F-XVM3-FFX4...

CVSS: 7.5 · AI score: 6.8 · EPSS: 0.00755
Exploits: 1
ATTACKERKB
added 2022/06/28 9:15 a.m. · 3 views

CVE-2022-0624

Authorization Bypass Through User-Controlled Key in GitHub repository ionicabizau/parse-path prior to 5.0.0...

CVSS: 7.5 · AI score: 6.8 · EPSS: 0.00755
Exploits: 1 · References: 3
Prion
added 2022/06/28 9:15 a.m. · 11 views

Authorization

Authorization Bypass Through User-Controlled Key in GitHub repository ionicabizau/parse-path prior to 5.0.0...

CVSS: 7.5 · AI score: 7.2 · EPSS: 0.00755
Exploits: 1 · References: 2 · Affected Software: 1
OSV
added 2022/06/28 9:10 a.m. · 12 views

CVE-2022-0624 Authorization Bypass Through User-Controlled Key in ionicabizau/parse-path

Authorization Bypass Through User-Controlled Key in GitHub repository ionicabizau/parse-path prior to 5.0.0...

CVSS: 6.5 · AI score: 6.8 · EPSS: 0.00755
Exploits: 1 · References: 4
CNNVD
added 2022/06/28 12:0 a.m. · 2 views

parse-path security vulnerability

parse-path is a library by the individual developer Ionică Bizău, used to parse paths. A security vulnerability exists in parse-path versions prior to 5.0.0, which stems from a lack of valid restrictions on the presence of user-controlled keys in the application. An attacker can exploit...

CVSS: 7.5 · AI score: 7 · EPSS: 0.00755
Exploits: 1 · References: 3
Huntr
added 2022/06/07 8:29 a.m. · 24 views

Bypass of last fix

Description: last fix can be bypassed because in this line we should consider the case \r\r or even \r too. Proof of Concept (javascript): const http = require("http"); const parseUrl = require("parse-url"); const url = parseUrl('jav\r\r\rascript://%0aalert1'); console.log(url) const server =...

CVSS: 4.3 · AI score: 0.2 · EPSS: 0.00782
Exploits: 1
Huntr
added 2022/02/14 7:5 p.m. · 26 views

in ionicabizau/parse-path

Description: parse-path is unable to detect the right resource. While parsing http://[email protected] url, parse-path thinks that the host/resource is example.com, however the actual resource is 127.0.0.1. Proof of Concept: SSRF PoC (javascript): const parsePath = require("parse-path"); const axios...

CVSS: 7.5 · AI score: 0.3 · EPSS: 0.00755
Exploits: 1
Huntr
added 2021/07/08 8:8 a.m. · 17 views

Open Redirect in ionicabizau/parse-path

✍️ Description parse-path mishandles certain uses of backslash such as https:/\ and interprets the URI as a relative path. Browsers accept backslashes after the protocol, and treat it as a normal slash, while parse-path sees it as a relative path. Which will lead to SSRF attacks, open redirects, o...

AI score: 0.6 · EPSS: 0.02483
Exploits: 2