Lucene search
K

168 matches found

Positive Technologies
Positive Technologies
added 2022/02/20 12:0 a.m.2 views

PT-2022-13358 · Parse-Url +2 · Url-Parse +2

Name of the Vulnerable Software and Affected Versions: url-parse versions prior to 1.5.8 Description: The issue is related to an Authorization Bypass Through User-Controlled Key. This allows for potential unauthorized access. The estimated number of potentially affected devices worldwide is not...

10CVSS6.2AI score0.03805EPSS
Exploits7References40
Debian CVE
Debian CVE
added 2022/02/20 12:0 a.m.53 views

CVE-2022-0686

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8...

9.1CVSS7.8AI score0.01827EPSS
Exploits1
Veracode
Veracode
added 2022/02/18 1:9 p.m.47 views

Authorization Bypass

url-parse is vulnerable to authorization bypass. The use of User-Controlled Key allows an attacker to transform original invalid URL into a valid one with url.pathname as host...

5.3CVSS2.9AI score0.01535EPSS
Exploits1References5Affected Software2
OSV
OSV
added 2022/02/18 12:0 a.m.29 views

GHSA-8V38-PW62-9CW2 url-parse Incorrectly parses URLs that include an '@'

A specially crafted URL with an '@' sign but empty user info and no hostname, when parsed with url-parse, url-parse will return the incorrect href. In particular, js parse"http://@/127.0.0.1" Will return: yaml slashes: true, protocol: 'http:', hash: '', query: '', pathname: '/127.0.0.1', auth:...

6.5CVSS6.8AI score0.01535EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2022/02/18 12:0 a.m.44 views

url-parse Incorrectly parses URLs that include an '@'

A specially crafted URL with an '@' sign but empty user info and no hostname, when parsed with url-parse, url-parse will return the incorrect href. In particular, js parse"http://@/127.0.0.1" Will return: yaml slashes: true, protocol: 'http:', hash: '', query: '', pathname: '/127.0.0.1', auth:...

6.5CVSS6.7AI score0.01535EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2022/02/17 6:15 p.m.1 views

DEBIAN-CVE-2022-0639

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7...

5.3CVSS6.5AI score0.01535EPSS
Exploits1References1
NVD
NVD
added 2022/02/17 6:15 p.m.17 views

CVE-2022-0639

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7...

6.5CVSS0.01535EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2022/02/17 6:15 p.m.42 views

CVE-2022-0639

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7...

6.5CVSS6.8AI score0.01535EPSS
Exploits1References5
Prion
Prion
added 2022/02/17 6:15 p.m.18 views

Authorization

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7...

5CVSS6AI score0.01535EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2022/02/17 12:0 a.m.6 views

url-parse 安全漏洞

Url-Parse is a small Url parser that works seamlessly across Node.js and browser environments. A security vulnerability exists in url-parse versions prior to 1.5.7, which can be exploited by an attacker to bypass authorization via a user-controlled key...

6.5CVSS7AI score0.01535EPSS
Exploits1References5
OSV
OSV
added 2022/02/17 12:0 a.m.24 views

CVE-2022-0639 Authorization Bypass Through User-Controlled Key in unshiftio/url-parse

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7...

6.5CVSS6.8AI score0.01535EPSS
Exploits1References6
Cvelist
Cvelist
added 2022/02/17 12:0 a.m.28 views

CVE-2022-0639 Authorization Bypass Through User-Controlled Key in unshiftio/url-parse

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7...

6.5CVSS7.3AI score0.01535EPSS
Exploits1References3
CVE
CVE
added 2022/02/17 12:0 a.m.157 views

CVE-2022-0639

CVE-2022-0639 affects the Node.js URL parser library used in npm installs, specifically the node-url-parse package. Debian and Debian LTS advisories (DLA-4413-1) describe an authorization bypass where an incorrect conversion of special characters in the protocol (notably the @ character in href) ...

6.5CVSS5.4AI score0.01535EPSS
Exploits1References4Affected Software1
RedhatCVE
RedhatCVE
added 2022/02/15 1:5 p.m.72 views

CVE-2022-0512

An authorization bypass vulnerability was found in nodes-url-parse. This flaw allows a remote attacker with a basic user account to evade hostname verification by inserting the at symbol "@" at the end of the password field. This issue can allow entry to systems designed to block remote access an...

8.8CVSS3.7AI score0.01782EPSS
Exploits1References3
Veracode
Veracode
added 2022/02/15 9:18 a.m.33 views

Authorization Bypass

url-parse is vulnerable to authorization bypass. The vulnerability exists in Url function of index.js because the user name and password are not properly handled which allows a malicious user to modify user information...

5.3CVSS2.5AI score0.01782EPSS
Exploits1References7Affected Software2
Github Security Blog
Github Security Blog
added 2022/02/15 12:2 a.m.37 views

Authorization bypass in url-parse

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6...

8.8CVSS2.9AI score0.01782EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2022/02/14 4:15 p.m.3 views

DEBIAN-CVE-2022-0512

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6...

5.3CVSS6.7AI score0.01782EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2022/02/14 4:15 p.m.7 views

CVE-2022-0512

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6...

8.8CVSS6.7AI score0.01782EPSS
Exploits1References4
NVD
NVD
added 2022/02/14 4:15 p.m.23 views

CVE-2022-0512

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6...

8.8CVSS0.01782EPSS
Exploits1References3
OSV
OSV
added 2022/02/14 4:15 p.m.4 views

UBUNTU-CVE-2022-0512

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6...

8.8CVSS7.3AI score0.01782EPSS
Exploits1References5
Rows per page
Query Builder