6715 matches found
CVE-2022-0691
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.9...
UBUNTU-CVE-2022-0691
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.9...
ruby: Cookie prefix spoofing in CGI::Cookie.parse
A flaw was found in Ruby. RubyGems cgi gem could allow a remote attacker to conduct spoofing attacks caused by the mishandling of security prefixes in cookie names in the CGI::Cookie.parse function. By sending a specially-crafted request, an attacker could perform cookie prefix spoofing attacks...
Authorization Bypass
url-parse is vulnerable to authorization bypass. Because the library does not properly validate the hostname in the toString function of index.js, an attacker can redirect to malicious URLs using the user-controlled key when no port number is specified in the URL...
GHSA-HGJH-723H-MX2J Authorization Bypass Through User-Controlled Key in url-parse
url-parse prior to version 1.5.8 is vulnerable to Authorization Bypass Through User-Controlled Key...
Authorization Bypass Through User-Controlled Key in url-parse
url-parse prior to version 1.5.8 is vulnerable to Authorization Bypass Through User-Controlled Key...
CVE-2022-0691 Authorization Bypass Through User-Controlled Key in unshiftio/url-parse
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.9...
PT-2022-13363 · Parse-Url +2 · Url-Parse +2
Name of the Vulnerable Software and Affected Versions: url-parse versions prior to 1.5.9. Description: The issue arises from leading control characters in a URL not being stripped when passed into url-parse, potentially causing input URLs to be mistakenly interpreted as relative URLs without a...
CVE-2022-0691
CVE-2022-0691 – In the npm package url-parse, versions prior to 1.5.9 are vulnerable to an authorization bypass via a user-controlled key in the URL parser. This stems from improper handling of the key, enabling bypass of authorization checks. Remediation: upgrade to url-parse 1.5.9 or later (pat...
CVE-2022-0686
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8...
DEBIAN-CVE-2022-0686
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8...
Authorization
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8...
UBUNTU-CVE-2022-0686
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8...
CVE-2022-0686 Authorization Bypass Through User-Controlled Key in unshiftio/url-parse
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8...
PT-2022-13358 · Parse-Url +2 · Url-Parse +2
Name of the Vulnerable Software and Affected Versions: url-parse versions prior to 1.5.8. Description: The issue is related to an Authorization Bypass Through User-Controlled Key. This allows for potential unauthorized access. The estimated number of potentially affected devices worldwide is not...
CVE-2022-0686
CVE-2022-0686 affects the npm package url-parse (unshift.io) prior to 1.5.8. The root cause is an issue in hostname resolution when no port is provided, which can enable SSRF, open redirects, or other hostname-dependent attacks. Affected versions include unshift.io url-parse used in various npm d...