Lucene search
K

168 matches found

UbuntuCve
UbuntuCve
added 2022/02/14 4:15 p.m.47 views

CVE-2022-0512

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6...

8.8CVSS6.8AI score0.01782EPSS
Exploits1References4
Prion
Prion
added 2022/02/14 4:15 p.m.21 views

Authorization

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6...

5CVSS6.9AI score0.01782EPSS
Exploits1References3Affected Software1
Huntr
Huntr
added 2022/02/14 6:51 a.m.33 views

in unshiftio/url-parse

Description Incorrect conversion of @ in protocol in the href leads to improper validation of hostname. Proof of Concept Url-parse is not able to verify broken protocol. This will allow to bypass hostname validation. parse = require'url-parse' console.logparse"http:@/127.0.0.1" Now imagine if the...

5CVSS0.7AI score0.01535EPSS
Exploits1References1
Cvelist
Cvelist
added 2022/02/14 12:0 a.m.27 views

CVE-2022-0512 Authorization Bypass Through User-Controlled Key in unshiftio/url-parse

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6...

8.8CVSS7.3AI score0.01782EPSS
Exploits1References3
OSV
OSV
added 2022/02/14 12:0 a.m.20 views

CVE-2022-0512 Authorization Bypass Through User-Controlled Key in unshiftio/url-parse

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6...

8.8CVSS6.8AI score0.01782EPSS
Exploits1References5
CVE
CVE
added 2022/02/14 12:0 a.m.167 views

CVE-2022-0512

CVE-2022-0512 targets the unshift.io url-parse (NPM) package; authorization bypass is due to improper handling of username/password in the URL, affecting various Node.js/UNSHIFTED URL-parse deployments prior to version 1.5.6. Public advisories (Debian/Ubuntu IBM Spectrum Discover and other feeds)...

8.8CVSS5.4AI score0.01782EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2022/02/14 12:0 a.m.3 views

PT-2022-13228 · Parse-Url +2 · Url-Parse +2

Name of the Vulnerable Software and Affected Versions: url-parse versions prior to 1.5.6 Description: The issue is related to an authorization bypass through a user-controlled key. This allows for unauthorized access. The estimated number of potentially affected devices is not specified...

10CVSS6.3AI score0.03805EPSS
Exploits7References40
Debian CVE
Debian CVE
added 2022/02/14 12:0 a.m.39 views

CVE-2022-0512

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6...

8.8CVSS6.8AI score0.01782EPSS
Exploits1
CNNVD
CNNVD
added 2022/02/14 12:0 a.m.5 views

NPM url-parse 安全漏洞

Url-Parse is a small Url parser that works seamlessly across Node.js and browser environments. A security vulnerability exists in NPM url-parse that stems from bypassing authorization via a user-controlled key in NPM url-parse before 1.5.6...

8.8CVSS7AI score0.01782EPSS
Exploits1References5
vulnersOsv
vulnersOsv
added 2022/01/06 8:30 p.m.4 views

0x-relayer-cat (>=0.0.3 <=0.0.10), @0x-klaytn/asset-swapper (>=4.2.1 <=4.2.2) +724 more potentially affected by CVE-2020-8124 via url-parse (>=0.1.5 <=1.4.4)

url-parse NPM version =0.1.5, =0.0.3, =4.2.1, =2.1.0-beta.4, =5.0.0-beta, =0.1.0-beta.2, =0.0.1, =0.1.1, =0.0.1, =0.1.0, =0.0.0-4, =0.0.1, =1.2.5, =1.5.0, =0.1.0, =0.1.7 and more Source cves: CVE-2020-8124 Source advisory: OSV:GHSA-46C4-8WRP-J99V...

5.3CVSS6.7AI score0.01652EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2022/01/06 8:30 p.m.38 views

Improper Validation and Sanitization in url-parse

Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks...

5.3CVSS5.8AI score0.01652EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2022/01/06 8:30 p.m.16 views

GHSA-46C4-8WRP-J99V Improper Validation and Sanitization in url-parse

Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks...

5.3CVSS5.9AI score0.01652EPSS
Exploits1References5
Node.js
Node.js
added 2021/08/10 4:10 p.m.58 views

Open Redirect

Overview Overview Affected versions of npm url-parse are vulnerable to URL Redirection to Untrusted Site. Impact Depending on library usage and attacker intent, impacts may include allow/block list bypasses, SSRF attacks, open redirects, or other undesired behavior. Recommendation Upgrade to...

5CVSS4.8AI score0.01834EPSS
Exploits1Affected Software1
OSV
OSV
added 2021/08/10 4:7 p.m.4 views

GHSA-HH27-FFR2-F2JC Open redirect in url-parse

Overview Affected versions of npm url-parse are vulnerable to URL Redirection to Untrusted Site. Impact Depending on library usage and attacker intent, impacts may include allow/block list bypasses, SSRF attacks, open redirects, or other undesired behavior...

6.1CVSS7.2AI score0.01834EPSS
Exploits1References8
Github Security Blog
Github Security Blog
added 2021/08/10 4:7 p.m.61 views

Open redirect in url-parse

Overview Affected versions of npm url-parse are vulnerable to URL Redirection to Untrusted Site. Impact Depending on library usage and attacker intent, impacts may include allow/block list bypasses, SSRF attacks, open redirects, or other undesired behavior...

5.3CVSS6.4AI score0.01834EPSS
Exploits1References8Affected Software1
RedhatCVE
RedhatCVE
added 2021/08/03 6:24 a.m.74 views

CVE-2021-3664

An input validation flaw was found in the nodejs url-parse library, which incorrectly parses a URL that contains backslashes. This flaw allows an attacker to specify a relative URL and cause the browser to redirect to a malicious website. The highest threat from this vulnerability is to integrity...

5.3CVSS4.1AI score0.01964EPSS
Exploits2References4
NVD
NVD
added 2021/07/26 12:15 p.m.24 views

CVE-2021-3664

url-parse is vulnerable to URL Redirection to Untrusted Site...

5.3CVSS0.01834EPSS
Exploits1References3
OSV
OSV
added 2021/07/26 12:15 p.m.2 views

DEBIAN-CVE-2021-3664

url-parse is vulnerable to URL Redirection to Untrusted Site...

5.3CVSS6.9AI score0.01834EPSS
Exploits1References1
OSV
OSV
added 2021/07/26 12:15 p.m.32 views

CVE-2021-3664

url-parse is vulnerable to URL Redirection to Untrusted Site...

5.3CVSS6.5AI score
Exploits0References3
UbuntuCve
UbuntuCve
added 2021/07/26 12:15 p.m.38 views

CVE-2021-3664

url-parse is vulnerable to URL Redirection to Untrusted Site...

5.3CVSS6.8AI score0.01834EPSS
Exploits1References5
Rows per page
Query Builder