6717 matches found
CVE-2022-3224
Misinterpretation of Input in GitHub repository ionicabizau/parse-url prior to 8.1.0...
Design/Logic Flaw
Misinterpretation of Input in GitHub repository ionicabizau/parse-url prior to 8.1.0...
CVE-2022-3224 Misinterpretation of Input in ionicabizau/parse-url
Misinterpretation of Input in GitHub repository ionicabizau/parse-url prior to 8.1.0...
CVE-2022-3224
CVE-2022-3224 concerns the parse-url npm package by Ionică Bizău, affected in versions prior to 8.1.0. The root cause is a misinterpretation of input that leads to incorrect parsing of http/https URLs (e.g., misclassifying the URL protocol as ssh and misparsing the hostname). Reported impacts inc...
Server-Side Request Forgery (SSRF)
parse-url is vulnerable to server-side request forgery. The vulnerability exists in the parseUrl function in index.js because it doesn't validate the URL or properly detect the protocol, resource, pathname and user param, which allows an attacker to cause an SSRF bypass via a crafted URL...
Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url
Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 8.1.0...
GHSA-J9FQ-VWQV-2FM2 Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url
Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 8.1.0...
parse-url security vulnerability
parse-url is an advanced URL parser with git URL support by the individual developer Ionică Bizău. A security vulnerability exists in parse-url prior to version 8.1.0, which stems from the fact that parse-url incorrectly parses the https URL that follows it, identifying its protocol as ssh, and...
Go-CVSS buffer error vulnerability
Go-CVSS is a low-allocation Go module by the individual developer Lucas TESSON. It is used to operate the Common Vulnerability Scoring System (CVSS). A buffer error vulnerability exists in Go-CVSS versions prior to v0.4.0, which stems from a potential out-of-bounds read due to lack of testing when...
CVE-2022-2900
Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 8.1.0...
Server-Side Request Forgery (SSRF)
Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 8.1.0...
CVE-2022-2900
CVE-2022-2900 affects the npm package parse-url (GitHub: ionicabizau/parse-url) up to version 8.0.x; it is a Server-Side Request Forgery (SSRF) vulnerability that could allow a remote attacker to induce the server to perform requests on its behalf. The NVD/CVSS data assign a 9.1 CRITICAL base sco...
CVE-2022-2900 Server-Side Request Forgery (SSRF) in ionicabizau/parse-url
Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 8.1.0...
parse-url code issue vulnerability
parse-url is an advanced URL parser with git URL support by the individual developer Ionică Bizău. A security vulnerability exists in parse-url versions prior to 8.1.0. An attacker exploited the vulnerability to perform a server-side request forgery attack...
CVE-2022-20385
A function called 'nlaparse' does not check the len of para; it checks nlatype, which can be controlled by userspace, against 'maxtype' (in this case, GSCANMAX), then accesses the policy array 'policytype', where the OOB access happens. Product: Android. Versions: Android SoC. Android ID: A-238379819...
mariadb: MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations
MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations...
ruby: Cookie prefix spoofing in CGI::Cookie.parse
A flaw was found in Ruby. RubyGems cgi gem could allow a remote attacker to conduct spoofing attacks caused by the mishandling of security prefixes in cookie names in the CGI::Cookie.parse function. By sending a specially-crafted request, an attacker could perform cookie prefix spoofing attacks...