6926 matches found

Prion
added 2021/02/22 12:15 a.m. · 25 views

Path traversal

url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path...

5 CVSS · 5.3 AI score · 0.01964 EPSS
Exploits 1 · References 5 · Affected Software 1

OSV
added 2021/02/22 12:15 a.m. · 4 views

UBUNTU-CVE-2021-27515

url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path...

5.3 CVSS · 6.8 AI score · 0.01964 EPSS
Exploits 1 · References 6

Tenable Nessus
added 2021/02/22 12:00 a.m. · 24 views

EulerOS 2.0 SP2 : ruby (EulerOS-SA-2021-1356)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - Onigmo through 6.2.0 has a NULL pointer dereference in onig_error_code_to_str because of fetch_token in regparse.c. (CVE-2019-16161) - Onigmo through 6.2....

7.5 CVSS · 7.3 AI score · 0.03803 EPSS
Exploits 2 · References 4

Positive Technologies
added 2021/02/21 12:00 a.m. · 3 views

PT-2021-17488 · Parse-Url +2 · Url-Parse +2

Name of the Vulnerable Software and Affected Versions: url-parse versions prior to 1.5.0. Description: The issue concerns the mishandling of certain uses of backslash in URLs, such as http:\/, which are interpreted as relative paths instead of proper URLs. Recommendations: For versions prior to...

10 CVSS · 6.3 AI score · 0.03805 EPSS
Exploits 7 · References 44

Cvelist
added 2021/02/21 12:00 a.m. · 29 views

CVE-2021-27515

url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path...

7.4 AI score · 0.01964 EPSS
Exploits 1 · References 5

CVE
added 2021/02/21 12:00 a.m. · 129 views

CVE-2021-27515

CVE-2021-27515 affects the url-parse library (before 1.5.0), where backslash sequences in the protocol (e.g., http:/ or http:) can cause the parser to treat the URI as a relative path. Public advisories (Debian/Ubuntu) list this alongside other url-parse issues and indicate fixes via package upgr...

5.3 CVSS · 5.4 AI score · 0.01964 EPSS
Exploits 1 · References 5 · Affected Software 1

CNNVD
added 2021/02/21 12:00 a.m. · 3 views

url-parse security vulnerability

Arnout Kazemier url-parse is an application by the individual developer Arnout Kazemier, USA. It provides URL parsing. A security vulnerability exists in url-parse before version 1.5.0 that stems from incorrectly handling certain uses of backslashes, such as http:\/, and...

5.3 CVSS · 6.8 AI score · 0.01964 EPSS
Exploits 1 · References 7

Debian CVE
added 2021/02/21 12:00 a.m. · 28 views

CVE-2021-27515

url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path...

5.3 CVSS · 7.3 AI score · 0.01964 EPSS
Exploits 1

vulnersOsv
added 2021/02/19 3:54 p.m. · 0 views

960.css (=1.0.0), @4site/engrid-styles (>=0.2.19 <=0.2.24) +124 more potentially affected by CVE-2021-23343 via path-parse (>=1.0.5 <=1.0.6)

path-parse NPM version =1.0.5, =0.2.19, =0.1.1, =7.0.0, =0.2.0, =0.17.0, =0.17.0, =0.19.0, =0.17.0, =0.23.0, =0.17.0, =0.17.0, =0.17.1 - @choerodon/issue =0.17.0 and more Source cves: CVE-2021-23343 Source advisory: SNYK:JS-PATHPARSE-1077067...

7.5 CVSS · 6.7 AI score · 0.02218 EPSS
Exploits 1

Snyk
added 2021/02/19 3:54 p.m. · 1 views

Regular Expression Denial of Service (ReDoS)

Overview: path-parse is a Node.js path.parse ponyfill. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity. PoC: var pathParse =...

7.5 CVSS · 7.2 AI score · 0.02218 EPSS
Exploits 1 · References 2

RedHat Linux
added 2021/02/16 2:28 p.m. · 3 views

nodejs-ini: Prototype pollution via malicious INI file

A flaw was found in nodejs-ini. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context...

9.8 CVSS · 7.3 AI score · 0.03612 EPSS
Exploits 1 · References 4

BDU FSTEC
added 2021/02/16 12:00 a.m. · 2 views

The vulnerability of the gst_aac_parse_sink_setcaps function (gst/audioparsers/gstaacparse.c) in the gst-plugins-good plugin for the Gstreamer multimedia framework allows a malicious actor to cause a service failure.

The vulnerability of the gst_aac_parse_sink_setcaps function (gst/audioparsers/gstaacparse.c) in the gst-plugins-good plugin for the Gstreamer multimedia framework is related to the execution of operations outside of the buffer memory. Exploiting this vulnerability could allow a remote attacker to caus...

7.8 CVSS · 7 AI score · 0.02668 EPSS
Exploits 0 · References 6 · Affected Software 4

RedHat Linux
added 2021/02/15 6:28 p.m. · 0 views

nodejs-ini: Prototype pollution via malicious INI file

A flaw was found in nodejs-ini. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context...

9.8 CVSS · 7.3 AI score · 0.03612 EPSS
Exploits 1 · References 4

OSV
added 2021/02/15 1:15 p.m. · 2 views

AZL-6827 CVE-2021-23336 affecting package python2 for versions less than 2.7.18-8

The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can...

5.9 CVSS · 6.9 AI score · 0.37325 EPSS
Exploits 1 · References 1

Vulnrichment
added 2021/02/15 12:15 p.m. · 2 views

CVE-2021-23336 Web Cache Poisoning

The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can...

5.9 CVSS · 6.5 AI score · 0.37325 EPSS
Exploits 1 · References 37

OSV
added 2021/02/15 4:15 a.m. · 31 views

CVE-2020-7071

In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept an URL with invalid password as valid URL. This may lead to functions that rely on URL being valid to mis-parse the URL and produce wrong dat...

5.3 CVSS · 7.6 AI score
Exploits 0 · References 7

NVD
added 2021/02/15 4:15 a.m. · 21 views

CVE-2020-7071

In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept an URL with invalid password as valid URL. This may lead to functions that rely on URL being valid to mis-parse the URL and produce wrong dat...

5.3 CVSS · 0.02983 EPSS
Exploits 1 · References 7

Cvelist
added 2021/02/15 4:10 a.m. · 31 views

CVE-2020-7071 FILTER_VALIDATE_URL accepts URLs with invalid userinfo

In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept an URL with invalid password as valid URL. This may lead to functions that rely on URL being valid to mis-parse the URL and produce wrong dat...

5.3 CVSS · 5.9 AI score · 0.02983 EPSS
Exploits 1 · References 7

Positive Technologies
added 2021/02/13 12:00 a.m. · 9 views

PT-2021-3621 · Apache +10 · Apache Tomcat +10

Name of the Vulnerable Software and Affected Versions: python/cpython versions 0 through 3.6.13 python/cpython versions 3.7.0 through 3.7.10 python/cpython versions 3.8.0 through 3.8.8 python/cpython versions 3.9.0 through 3.9.2 Description: The issue is related to Web Cache Poisoning via...

10 CVSS · 8.3 AI score · 0.99856 EPSS
Exploits 98 · References 494

RedHat Linux
added 2021/02/11 1:37 p.m. · 4 views

nodejs-ini: Prototype pollution via malicious INI file

A flaw was found in nodejs-ini. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context...

9.8 CVSS · 7.3 AI score · 0.03612 EPSS
Exploits 1 · References 4