6928 matches found
Authorization
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8...
UBUNTU-CVE-2022-0686
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8...
CVE-2022-0686 Authorization Bypass Through User-Controlled Key in unshiftio/url-parse
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8...
PT-2022-13358 · Parse-Url +2 · Url-Parse +2
Name of the Vulnerable Software and Affected Versions: url-parse versions prior to 1.5.8 Description: The issue is related to an Authorization Bypass Through User-Controlled Key. This allows for potential unauthorized access. The estimated number of potentially affected devices worldwide is not...
NPM url-parse 安全漏洞
Url-Parse is a small Url parser that works seamlessly across Node.js and browser environments.An authorization bypass vulnerability exists in versions of NPM url-parse prior to 1.5.8, which can be exploited by attackers to bypass authorization via a user-controlled key...
CVE-2022-0686
CVE-2022-0686 affects the npm package url-parse (unshift.io) prior to 1.5.8. The root cause is an issue in hostname resolution when no port is provided, which can enable SSRF, open redirects, or other hostname-dependent attacks. Affected versions include unshift.io url-parse used in various npm d...
CVE-2022-0686
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8...
CVE-2022-0686 Authorization Bypass Through User-Controlled Key in unshiftio/url-parse
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8...
Authorization Bypass
url-parse is vulnerable to authorization bypass. The use of User-Controlled Key allows an attacker to transform original invalid URL into a valid one with url.pathname as host...
GHSA-8V38-PW62-9CW2 url-parse Incorrectly parses URLs that include an '@'
A specially crafted URL with an '@' sign but empty user info and no hostname, when parsed with url-parse, url-parse will return the incorrect href. In particular, js parse"http://@/127.0.0.1" Will return: yaml slashes: true, protocol: 'http:', hash: '', query: '', pathname: '/127.0.0.1', auth:...
GHSA-4CPG-3VGW-4877 Prototype pollution in Plist before 3.0.5 can cause denial of service
Prototype pollution vulnerability via .parse in Plist allows attackers to cause a Denial of Service DoS and may lead to remote code execution...
url-parse Incorrectly parses URLs that include an '@'
A specially crafted URL with an '@' sign but empty user info and no hostname, when parsed with url-parse, url-parse will return the incorrect href. In particular, js parse"http://@/127.0.0.1" Will return: yaml slashes: true, protocol: 'http:', hash: '', query: '', pathname: '/127.0.0.1', auth:...
CVE-2022-22912
Prototype pollution vulnerability via .parse in Plist before v3.0.4 allows attackers to cause a Denial of Service DoS and may lead to remote code execution...
CVE-2022-22912
Prototype pollution vulnerability via .parse in Plist before v3.0.4 allows attackers to cause a Denial of Service DoS and may lead to remote code execution...
CVE-2022-22912
Prototype pollution vulnerability via .parse in Plist before v3.0.4 allows attackers to cause a Denial of Service DoS and may lead to remote code execution...
DEBIAN-CVE-2022-0639
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7...
CVE-2022-0639
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7...
CVE-2022-0639
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7...
Authorization
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7...
CVE-2022-0639 Authorization Bypass Through User-Controlled Key in unshiftio/url-parse
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7...