6907 matches found
CVE-2018-15671
An issue was discovered in the HDF HDF5 1.10.2 library. Excessive stack consumption has been detected in the function H5P__get_cb() in H5Pint.c during an attempted parse of a crafted HDF file. This results in denial of service...
@afshin/custom404-extension (>=0.1.1 <=0.1.3), @apache-royale/cli (>=0.1.0 <=0.2.2) +443 more potentially affected by CVE-2018-3774 via url-parse (>=1.0.2 <=1.4.1)
url-parse NPM version =1.0.2, =0.1.1, =0.1.0, =0.0.1, =0.1.0, =0.1.1, =0.1.1, =0.1.0, =0.1.0, =0.1.0, =1.1.1, =2.0.0, =2.0.0, =4.1.0 - @datalayer/jupyterlab-hub-extension =0.8.1 and more Source cves: CVE-2018-3774 Source advisory: OSV:GHSA-PV4C-P2J5-38J4...
Open Redirect in url-parse
Versions of url-parse before 1.4.3 return the wrong hostname, which could lead to Open Redirect, Server Side Request Forgery (SSRF), or Bypass Authentication Protocol vulnerabilities. Recommendation: Update to version 1.4.3 or later...
Design/Logic Flaw
Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol...
CVE-2018-3774
Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol...
DEBIAN-CVE-2018-3774
Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol...
CVE-2018-3774
CVE-2018-3774 affects the url-parse library prior to 1.4.3 and stems from incorrect hostname parsing. This can enable SSRF, open redirect, and potential bypass of authentication in affected workflows that rely on url-parse for URL handling. Exploitation scenarios include misparsing hosts in URLs ...
PT-2018-16192 · Npm +2 · Url-Parse +2
Name of the Vulnerable Software and Affected Versions: url-parse versions prior to 1.4.3. Description: The issue is related to incorrect parsing in url-parse, which returns the wrong hostname. This can lead to multiple vulnerabilities, including Server Side Request Forgery (SSRF), Open Redirect, and...
Sandbox Breakout / Arbitrary Code Execution in static-eval
Affected versions of static-eval pass untrusted user input directly to the global function constructor, resulting in an arbitrary code execution vulnerability when user input is parsed via the package. Proof of concept (js): var evaluate = require('static-eval'); var parse = require('esprima').parse; va...
Open Redirect
Overview: Versions of url-parse before 1.4.3 return the wrong hostname, which could lead to Open Redirect, Server Side Request Forgery (SSRF), or Bypass Authentication Protocol vulnerabilities. Recommendation: Update to version 1.4.3 or later. References: HackerOne Report, GitHub Commit, GitHub...
UBUNTU-CVE-2018-5813
An error within the "parse_minolta()" function (dcraw/dcraw.c) in LibRaw versions prior to 0.18.11 can be exploited to trigger an infinite loop via a specially crafted file...
GHSA-Q75G-2496-MXPP Regular Expression Denial of Service in parsejson
Affected versions of parsejson are vulnerable to a regular expression denial of service when parsing untrusted user input. Recommendation: The parsejson package has not been functionally updated since it was initially released. Additionally, it provides functionality which is natively included in...
Null pointer dereference
Codec::parse in track.cpp in Untrunc through 2018-06-07 has a NULL pointer dereference via a crafted MP4 file because of improper interaction with libav...
CVE-2018-14448
Codec::parse in track.cpp in Untrunc through 2018-06-07 has a NULL pointer dereference via a crafted MP4 file because of improper interaction with libav...
CVE-2018-14448
CVE-2018-14448 concerns the Untrunc project: a NULL pointer dereference in Codec::parse (track.cpp) when parsing a crafted MP4 file, caused by improper interaction with libav. This vulnerability affects Untrunc up to 2018-06-07 by design of the parser, and the issue is triggered during MP4 proces...