168 matches found
CVE-2018-3774
Incorrect parsing in url-parse 1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol...
CVE-2018-3774
CVE-2018-3774 affects the url-parse library prior to 1.4.3 and stems from incorrect hostname parsing. This can enable SSRF, open redirect, and potential bypass of authentication in affected workflows that rely on url-parse for URL handling. Exploitation scenarios include misparsing hosts in URLs ...
PT-2018-16192 · Npm +2 · Url-Parse +2
Name of the Vulnerable Software and Affected Versions: url-parse versions prior to 1.4.3 Description: The issue is related to incorrect parsing in url-parse, which returns the wrong hostname. This can lead to multiple vulnerabilities, including Server Side Request Forgery SSRF, Open Redirect, and...
Open Redirect
Overview Versions of url-parse before 1.4.3 returns the wrong hostname which could lead to Open Redirect, Server Side Request Forgery SSRF, or Bypass Authentication Protocol vulnerabilities. Recommendation Update to version 1.4.3 or later. References - HackerOne Report - GitHub Commit - GitHub...
Node.js third-party modules: url-parse package return wrong hostname
Jul 19th 2018 - lolwaleet submitted a report to Node.js third-party modules. I would like to report url-parse package return wrong hostname in url-parse. Module module name: url-parse version: 1.4.1 npm page: https://www.npmjs.com/package/url-parse Module Description The url-parse method exposes...
GNU Wget CRLF Injection Vulnerability (CNVD-2017-03817)
GNU Wget is a set of free software developed by the GNU Project for downloading over the Internet, which supports downloading over the three most common TCP/IP protocols: HTTP, HTTPS, and FTP. A CRLF injection vulnerability exists in the 'urlparse' function of the url.c file in GNU Wget 1.19.1 an...
DEBIAN-CVE-2017-6508
CRLF injection vulnerability in the urlparse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL...
UBUNTU-CVE-2017-6508
CRLF injection vulnerability in the urlparse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL...