168 matches found
CVE-2022-0512
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6...
Authorization
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6...
in unshiftio/url-parse
Description Incorrect conversion of @ in protocol in the href leads to improper validation of hostname. Proof of Concept Url-parse is not able to verify broken protocol. This will allow to bypass hostname validation. parse = require'url-parse' console.logparse"http:@/127.0.0.1" Now imagine if the...
CVE-2022-0512 Authorization Bypass Through User-Controlled Key in unshiftio/url-parse
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6...
CVE-2022-0512 Authorization Bypass Through User-Controlled Key in unshiftio/url-parse
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6...
CVE-2022-0512
CVE-2022-0512 targets the unshift.io url-parse (NPM) package; authorization bypass is due to improper handling of username/password in the URL, affecting various Node.js/UNSHIFTED URL-parse deployments prior to version 1.5.6. Public advisories (Debian/Ubuntu IBM Spectrum Discover and other feeds)...
PT-2022-13228 · Parse-Url +2 · Url-Parse +2
Name of the Vulnerable Software and Affected Versions: url-parse versions prior to 1.5.6 Description: The issue is related to an authorization bypass through a user-controlled key. This allows for unauthorized access. The estimated number of potentially affected devices is not specified...
CVE-2022-0512
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6...
NPM url-parse 安全漏洞
Url-Parse is a small Url parser that works seamlessly across Node.js and browser environments. A security vulnerability exists in NPM url-parse that stems from bypassing authorization via a user-controlled key in NPM url-parse before 1.5.6...
0x-relayer-cat (>=0.0.3 <=0.0.10), @0x-klaytn/asset-swapper (>=4.2.1 <=4.2.2) +724 more potentially affected by CVE-2020-8124 via url-parse (>=0.1.5 <=1.4.4)
url-parse NPM version =0.1.5, =0.0.3, =4.2.1, =2.1.0-beta.4, =5.0.0-beta, =0.1.0-beta.2, =0.0.1, =0.1.1, =0.0.1, =0.1.0, =0.0.0-4, =0.0.1, =1.2.5, =1.5.0, =0.1.0, =0.1.7 and more Source cves: CVE-2020-8124 Source advisory: OSV:GHSA-46C4-8WRP-J99V...
Improper Validation and Sanitization in url-parse
Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks...
GHSA-46C4-8WRP-J99V Improper Validation and Sanitization in url-parse
Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks...
Open Redirect
Overview Overview Affected versions of npm url-parse are vulnerable to URL Redirection to Untrusted Site. Impact Depending on library usage and attacker intent, impacts may include allow/block list bypasses, SSRF attacks, open redirects, or other undesired behavior. Recommendation Upgrade to...
GHSA-HH27-FFR2-F2JC Open redirect in url-parse
Overview Affected versions of npm url-parse are vulnerable to URL Redirection to Untrusted Site. Impact Depending on library usage and attacker intent, impacts may include allow/block list bypasses, SSRF attacks, open redirects, or other undesired behavior...
Open redirect in url-parse
Overview Affected versions of npm url-parse are vulnerable to URL Redirection to Untrusted Site. Impact Depending on library usage and attacker intent, impacts may include allow/block list bypasses, SSRF attacks, open redirects, or other undesired behavior...
CVE-2021-3664
An input validation flaw was found in the nodejs url-parse library, which incorrectly parses a URL that contains backslashes. This flaw allows an attacker to specify a relative URL and cause the browser to redirect to a malicious website. The highest threat from this vulnerability is to integrity...
CVE-2021-3664
url-parse is vulnerable to URL Redirection to Untrusted Site...
DEBIAN-CVE-2021-3664
url-parse is vulnerable to URL Redirection to Untrusted Site...
CVE-2021-3664
url-parse is vulnerable to URL Redirection to Untrusted Site...
CVE-2021-3664
url-parse is vulnerable to URL Redirection to Untrusted Site...