4 matches found
GHSA-7F3X-X4PR-WQHJ Server-Side Request Forgery in parse-url
Server-Side Request Forgery SSRF in GitHub repository ionicabizau/parse-url prior to 7.0.0...
CVE-2022-2217
Cross-site Scripting XSS - Generic in GitHub repository ionicabizau/parse-url prior to 7.0.0...
CVE-2022-0722
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url prior to 7.0.0...
Open Redirect in ionicabizau/parse-url
✍️ Description parse-url mishandles certain uses of backslash such as https:/\ and interprets the URI as a relative path. Browsers accept backslashes after the protocol, and treat it as a normal slash, while parse-url sees it as a relative path. Which will lead to SSRF attacks, open redirects, or...