168 matches found
PT-2022-13358 · Parse-Url +2 · Url-Parse +2
Name of the Vulnerable Software and Affected Versions: url-parse versions prior to 1.5.8 Description: The issue is related to an Authorization Bypass Through User-Controlled Key. This allows for potential unauthorized access. The estimated number of potentially affected devices worldwide is not...
CVE-2022-0686
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8...
Authorization Bypass
url-parse is vulnerable to authorization bypass. The use of User-Controlled Key allows an attacker to transform original invalid URL into a valid one with url.pathname as host...
GHSA-8V38-PW62-9CW2 url-parse Incorrectly parses URLs that include an '@'
A specially crafted URL with an '@' sign but empty user info and no hostname, when parsed with url-parse, url-parse will return the incorrect href. In particular, js parse"http://@/127.0.0.1" Will return: yaml slashes: true, protocol: 'http:', hash: '', query: '', pathname: '/127.0.0.1', auth:...
url-parse Incorrectly parses URLs that include an '@'
A specially crafted URL with an '@' sign but empty user info and no hostname, when parsed with url-parse, url-parse will return the incorrect href. In particular, js parse"http://@/127.0.0.1" Will return: yaml slashes: true, protocol: 'http:', hash: '', query: '', pathname: '/127.0.0.1', auth:...
DEBIAN-CVE-2022-0639
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7...
CVE-2022-0639
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7...
CVE-2022-0639
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7...
Authorization
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7...
url-parse 安全漏洞
Url-Parse is a small Url parser that works seamlessly across Node.js and browser environments. A security vulnerability exists in url-parse versions prior to 1.5.7, which can be exploited by an attacker to bypass authorization via a user-controlled key...
CVE-2022-0639 Authorization Bypass Through User-Controlled Key in unshiftio/url-parse
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7...
CVE-2022-0639 Authorization Bypass Through User-Controlled Key in unshiftio/url-parse
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7...
CVE-2022-0639
CVE-2022-0639 affects the Node.js URL parser library used in npm installs, specifically the node-url-parse package. Debian and Debian LTS advisories (DLA-4413-1) describe an authorization bypass where an incorrect conversion of special characters in the protocol (notably the @ character in href) ...
CVE-2022-0512
An authorization bypass vulnerability was found in nodes-url-parse. This flaw allows a remote attacker with a basic user account to evade hostname verification by inserting the at symbol "@" at the end of the password field. This issue can allow entry to systems designed to block remote access an...
Authorization Bypass
url-parse is vulnerable to authorization bypass. The vulnerability exists in Url function of index.js because the user name and password are not properly handled which allows a malicious user to modify user information...
Authorization bypass in url-parse
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6...
DEBIAN-CVE-2022-0512
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6...
CVE-2022-0512
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6...
CVE-2022-0512
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6...
UBUNTU-CVE-2022-0512
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6...