Lucene search
K

168 matches found

OSV
OSV
added 2022/02/21 9:15 a.m.2 views

DEBIAN-CVE-2022-0691

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.9...

9.8CVSS7.1AI score0.0222EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2022/02/21 9:15 a.m.37 views

CVE-2022-0691

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.9...

9.8CVSS6.9AI score0.0222EPSS
Exploits1References4
OSV
OSV
added 2022/02/21 9:15 a.m.4 views

UBUNTU-CVE-2022-0691

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.9...

9.8CVSS7.3AI score0.0222EPSS
Exploits1References5
Veracode
Veracode
added 2022/02/21 6:18 a.m.23 views

Authorization Bypass

url-parse is vulnerable to authorization bypass. Because the library does not properly validate the hostname in the toString function of index.js, an attacker can redirect to malicious URLs using the user-controlled key when no port number is specified in the URL...

9.1CVSS2.5AI score0.01827EPSS
Exploits1References5Affected Software2
OSV
OSV
added 2022/02/21 12:0 a.m.42 views

GHSA-HGJH-723H-MX2J Authorization Bypass Through User-Controlled Key in url-parse

url-parse prior to version 1.5.8 is vulnerable to Authorization Bypass Through User-Controlled Key...

9.1CVSS8AI score0.01827EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2022/02/21 12:0 a.m.115 views

Authorization Bypass Through User-Controlled Key in url-parse

url-parse prior to version 1.5.8 is vulnerable to Authorization Bypass Through User-Controlled Key...

9.1CVSS3.9AI score0.01827EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2022/02/21 12:0 a.m.35 views

CVE-2022-0691 Authorization Bypass Through User-Controlled Key in unshiftio/url-parse

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.9...

6.5CVSS9.5AI score0.0222EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2022/02/21 12:0 a.m.4 views

PT-2022-13363 · Parse-Url +2 · Url-Parse +2

Name of the Vulnerable Software and Affected Versions: url-parse versions prior to 1.5.9 Description: The issue arises from leading control characters in a URL not being stripped when passed into url-parse, potentially causing input URLs to be mistakenly interpreted as relative URLs without a...

10CVSS6.2AI score0.03805EPSS
Exploits7References41
CVE
CVE
added 2022/02/21 12:0 a.m.155 views

CVE-2022-0691

CVE-2022-0691 – In the npm package url-parse, versions prior to 1.5.9 are vulnerable to an authorization bypass via a user-controlled key in the URL parser. This stems from improper handling of the key, enabling bypass of authorization checks. Remediation: upgrade to url-parse 1.5.9 or later (pat...

9.8CVSS7.7AI score0.0222EPSS
Exploits1References4Affected Software1
Debian CVE
Debian CVE
added 2022/02/21 12:0 a.m.90 views

CVE-2022-0691

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.9...

9.8CVSS8AI score0.0222EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 2022/02/20 1:15 p.m.6 views

CVE-2022-0686

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8...

9.1CVSS7AI score0.01827EPSS
Exploits1References5
OSV
OSV
added 2022/02/20 1:15 p.m.4 views

DEBIAN-CVE-2022-0686

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8...

9.1CVSS7.1AI score0.01827EPSS
Exploits1References1
NVD
NVD
added 2022/02/20 1:15 p.m.18 views

CVE-2022-0686

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8...

9.1CVSS0.01827EPSS
Exploits1References4
OSV
OSV
added 2022/02/20 1:15 p.m.6 views

UBUNTU-CVE-2022-0686

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8...

9.1CVSS7.3AI score0.01827EPSS
Exploits1References6
UbuntuCve
UbuntuCve
added 2022/02/20 1:15 p.m.36 views

CVE-2022-0686

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8...

9.1CVSS6.9AI score0.01827EPSS
Exploits1References5
Prion
Prion
added 2022/02/20 1:15 p.m.13 views

Authorization

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8...

6.4CVSS9.1AI score0.01827EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2022/02/20 12:0 a.m.15 views

CVE-2022-0686 Authorization Bypass Through User-Controlled Key in unshiftio/url-parse

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8...

6.5CVSS7.3AI score0.01827EPSS
Exploits1References6
Cvelist
Cvelist
added 2022/02/20 12:0 a.m.20 views

CVE-2022-0686 Authorization Bypass Through User-Controlled Key in unshiftio/url-parse

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8...

6.5CVSS9.5AI score0.01827EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/02/20 12:0 a.m.5 views

NPM url-parse 安全漏洞

Url-Parse is a small Url parser that works seamlessly across Node.js and browser environments.An authorization bypass vulnerability exists in versions of NPM url-parse prior to 1.5.8, which can be exploited by attackers to bypass authorization via a user-controlled key...

9.1CVSS5.7AI score0.01827EPSS
Exploits1References7
CVE
CVE
added 2022/02/20 12:0 a.m.215 views

CVE-2022-0686

CVE-2022-0686 affects the npm package url-parse (unshift.io) prior to 1.5.8. The root cause is an issue in hostname resolution when no port is provided, which can enable SSRF, open redirects, or other hostname-dependent attacks. Affected versions include unshift.io url-parse used in various npm d...

9.1CVSS7.5AI score0.01827EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder