Lucene search
K

168 matches found

Debian CVE
Debian CVE
added 2018/08/12 10:0 p.m.79 views

CVE-2018-3774

Incorrect parsing in url-parse 1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol...

10CVSS9.8AI score0.03805EPSS
Exploits0
CVE
CVE
added 2018/08/12 10:0 p.m.88 views

CVE-2018-3774

CVE-2018-3774 affects the url-parse library prior to 1.4.3 and stems from incorrect hostname parsing. This can enable SSRF, open redirect, and potential bypass of authentication in affected workflows that rely on url-parse for URL handling. Exploitation scenarios include misparsing hosts in URLs ...

10CVSS9.5AI score0.03805EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2018/08/12 12:0 a.m.3 views

PT-2018-16192 · Npm +2 · Url-Parse +2

Name of the Vulnerable Software and Affected Versions: url-parse versions prior to 1.4.3 Description: The issue is related to incorrect parsing in url-parse, which returns the wrong hostname. This can lead to multiple vulnerabilities, including Server Side Request Forgery SSRF, Open Redirect, and...

10CVSS6.4AI score0.03805EPSS
Exploits7References36
Node.js
Node.js
added 2018/08/02 3:2 p.m.588 views

Open Redirect

Overview Versions of url-parse before 1.4.3 returns the wrong hostname which could lead to Open Redirect, Server Side Request Forgery SSRF, or Bypass Authentication Protocol vulnerabilities. Recommendation Update to version 1.4.3 or later. References - HackerOne Report - GitHub Commit - GitHub...

7.5CVSS3.5AI score0.03805EPSS
Exploits0Affected Software1
Hacker One
Hacker One
added 2018/07/19 9:49 a.m.71 views

Node.js third-party modules: url-parse package return wrong hostname

Jul 19th 2018 - lolwaleet submitted a report to Node.js third-party modules. I would like to report url-parse package return wrong hostname in url-parse. Module module name: url-parse version: 1.4.1 npm page: https://www.npmjs.com/package/url-parse Module Description The url-parse method exposes...

7.5CVSS0.2AI score0.03805EPSS
Exploits0
CNVD
CNVD
added 2017/03/10 12:0 a.m.3 views

GNU Wget CRLF Injection Vulnerability (CNVD-2017-03817)

GNU Wget is a set of free software developed by the GNU Project for downloading over the Internet, which supports downloading over the three most common TCP/IP protocols: HTTP, HTTPS, and FTP. A CRLF injection vulnerability exists in the 'urlparse' function of the url.c file in GNU Wget 1.19.1 an...

6.1CVSS8.8AI score0.03086EPSS
Exploits1References1
OSV
OSV
added 2017/03/07 8:59 a.m.3 views

DEBIAN-CVE-2017-6508

CRLF injection vulnerability in the urlparse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL...

6.1CVSS8.6AI score0.03086EPSS
Exploits1References1
OSV
OSV
added 2017/03/07 12:0 a.m.5 views

UBUNTU-CVE-2017-6508

CRLF injection vulnerability in the urlparse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL...

6.1CVSS6.9AI score0.03086EPSS
Exploits1References6
Rows per page
Query Builder