86 matches found
parse-url cross-site scripting vulnerability
parse-url is an advanced url parser with git url support. A cross-site scripting vulnerability exists in parse-url versions prior to 7.0.0, which stems from the ability to run malicious JS code using ASCII characters starting with and all special escape characters starting with Unicode, which can...
Regular Expression Denial of Service (ReDoS)
Description I would like to report a Regular Expression Denial of Service ReDoS vulnerability in parse-url. It allows cause a denial of service when calling function parse-url. The ReDoS vulnerability is mainly due to the regex /git@|https?://\w.@+/|:,\w,-,,/+.git0,1/0,1/ and can be...
CVE-2022-0722
A flaw was found in the parse-url package. Affected versions of this package are vulnerable to information exposure due to an improper validation issue...
Cross Site Scripting via Improper Input Validation (parser differential)
Description I find that parse-url parses the following URL incorrectly and identifies protocol as ssh: javascript://n.com:-4294967297/?ab=--2509999973799371216494http://user:passser:[email protected]:-4294967297/?a /parseurlfuzz$ node -e 'const parseUrl = require"parse-url";...
CVE-2022-2217
A cross-site-scripting XSS flaw was found in the parse-url package of npm. This issue could allow an attacker to use escape characters to run malicious JavaScript code on a webpage that was generated by the affected package. The highest impact is to integrity and confidentiality...
File Protocol Spoofing
Description parse-url misinterpreting the file:// protocol when trying to match git urls. The following payload is certainly valid file protocol but is interpreted as ssh protocol. file:///etc/passwd?http://a:1:1 Proof of Concept // PoC.js const fs = require'fs'; var parseURL = require"parse-url"...
Cross-site Scripting (XSS)
parse-url is vulnerable to regular expression denial of service. The vulnerability exists due to a lack of input validation which allows an attacker to inject and execute malicious script via URL parameter...
GHSA-Q6WQ-5P59-983W Cross site scripting in parse-url
Cross-site Scripting XSS - Generic in GitHub repository ionicabizau/parse-url prior to 6.0.1...
GHSA-7F3X-X4PR-WQHJ Server-Side Request Forgery in parse-url
Server-Side Request Forgery SSRF in GitHub repository ionicabizau/parse-url prior to 7.0.0...
Server-Side Request Forgery in parse-url
Server-Side Request Forgery SSRF in GitHub repository ionicabizau/parse-url prior to 7.0.0...
Cross site scripting in parse-url
Cross-site Scripting XSS - Generic in GitHub repository ionicabizau/parse-url prior to 6.0.1...
Cross site scripting in parse-url
Cross-site Scripting XSS - Stored in GitHub repository ionicabizau/parse-url prior to 7.0.0...
Hostname confusion in parse-url
Exposure of Sensitive Information to an Unauthorized Actor via hostname confusion in GitHub repository ionicabizau/parse-url prior to 6.0.1...
GHSA-4P35-CFCX-8653 Hostname confusion in parse-url
Exposure of Sensitive Information to an Unauthorized Actor via hostname confusion in GitHub repository ionicabizau/parse-url prior to 6.0.1...
GHSA-JPP7-7CHH-CF67 Cross site scripting in parse-url
Cross-site Scripting XSS - Stored in GitHub repository ionicabizau/parse-url prior to 7.0.0...
CVE-2022-2218
Cross-site Scripting XSS - Stored in GitHub repository ionicabizau/parse-url prior to 7.0.0...
CVE-2022-2218
Cross-site Scripting XSS - Stored in GitHub repository ionicabizau/parse-url prior to 7.0.0...
Cross site scripting
Cross-site Scripting XSS - Stored in GitHub repository ionicabizau/parse-url prior to 7.0.0...
CVE-2022-2216
Server-Side Request Forgery SSRF in GitHub repository ionicabizau/parse-url prior to 7.0.0...
CVE-2022-2216
Server-Side Request Forgery SSRF in GitHub repository ionicabizau/parse-url prior to 7.0.0...