6715 matches found
in ionicabizau/parse-path
Description parse-path is unable to detect the right resource. While parsing http://[email protected] url, parse-path thinks that the host/resource is example.com, however the actual resource is 127.0.0.1. Proof of Concept SSRF PoC javascript const parsePath = require("parse-path"); const axios...
CVE-2022-0512
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6...
DEBIAN-CVE-2022-0512
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6...
UBUNTU-CVE-2022-0512
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6...
Authorization
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6...
in unshiftio/url-parse
Description Incorrect conversion of @ in protocol in the href leads to improper validation of hostname. Proof of Concept Url-parse is not able to verify broken protocol. This will allow to bypass hostname validation. parse = require('url-parse') console.log(parse("http:@/127.0.0.1")) Now imagine if the...
CVE-2022-0512 Authorization Bypass Through User-Controlled Key in unshiftio/url-parse
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6...
CVE-2022-0512
CVE-2022-0512 targets the unshift.io url-parse (NPM) package; authorization bypass is due to improper handling of username/password in the URL, affecting various Node.js/UNSHIFTED URL-parse deployments prior to version 1.5.6. Public advisories (Debian/Ubuntu IBM Spectrum Discover and other feeds)...
NPM url-parse security vulnerability
Url-Parse is a small Url parser that works seamlessly across Node.js and browser environments. A security vulnerability exists in NPM url-parse that stems from bypassing authorization via a user-controlled key in NPM url-parse before 1.5.6...
PT-2022-13228 · Parse-Url +2 · Url-Parse +2
Name of the Vulnerable Software and Affected Versions: url-parse versions prior to 1.5.6 Description: The issue is related to an authorization bypass through a user-controlled key. This allows for unauthorized access. The estimated number of potentially affected devices is not specified...
DEBIAN-CVE-2022-0185
A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privile...
AZL-8578 CVE-2022-0185 affecting package kernel for versions less than 5.15.26.1-1
A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privile...
Exposure of Sensitive Information to an Unauthorized Actor in ionicabizau/parse-url
Description First Assume this example var parseUrl = require("parse-url") parseUrl("http://[email protected]:[email protected]/path/name?foo=bar&bar=42some-hash") that return : protocols: "http" protocol: "http" port: null resource: "[email protected]" user: "" pathname:...
GHSA-M744-2JJ8-VPFV Command injection in git-parse
The "gitDiff" function in Wayfair git-parse <=1.0.4 has a command injection vulnerability. Clients of the git-parse library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability...
Command injection in git-parse
The "gitDiff" function in Wayfair git-parse <=1.0.4 has a command injection vulnerability. Clients of the git-parse library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability...
@foxnfork/auth-node (>=0.0.8 <=0.0.50), @foxnfork/node-utils (>=0.0.1 <=0.0.9) +11 more potentially affected by CVE-2021-26543 via git-parse (>=1.0.3 <=1.0.4)
git-parse NPM version =1.0.3, =0.0.8, =0.0.1, =0.0.1, =2.11.0-beta, =1.4.3, =2.6.0, =2.18.1, =0.2.11, =1.2.7, =1.0.0, =2.33.10, =0.2.1, =2.6.2, =2.6.3 Source cves: CVE-2021-26543 Source advisory: OSV:GHSA-M744-2JJ8-VPFV...