7 matches found
EUVD-2022-1531
Malicious code in bioql PyPI...
Improper Input Validation
url-js is vulnerable to improper input validation. The vulnerability exists in parseUrl function in parseUrl.js because the inputs are not parsed properly which allows an attacker to perform host name spoofing...
GHSA-RF54-44JR-Q5VF Improper Input Validation in url-js
The package url-js before 2.1.0 is vulnerable to Improper Input Validation due to improper parsing, which makes it is possible for the hostname to be spoofed. http://\\\\localhost and http://localhost are the same URL. However, the hostname is not parsed as localhost, and the backslash is...
CVE-2022-25839
The package url-js before 2.1.0 are vulnerable to Improper Input Validation due to improper parsing, which makes it is possible for the hostname to be spoofed. http://\\\\localhost and http://localhost are the same URL. However, the hostname is not parsed as localhost, and the backslash is...
Input validation
The package url-js before 2.1.0 are vulnerable to Improper Input Validation due to improper parsing, which makes it is possible for the hostname to be spoofed. http://\\\\localhost and http://localhost are the same URL. However, the hostname is not parsed as localhost, and the backslash is...
CVE-2022-25839
The CVE concerns the JavaScript package url-js prior to version 2.1.0 . The vulnerability arises from improper input validation during parsing in the URL.js parser, allowing hostname spoofing (for example, both http://\\\\localhost and http://localhost are treated as the same URL, with the backsl...
CVE-2022-25839 Improper Input Validation
The package url-js before 2.1.0 are vulnerable to Improper Input Validation due to improper parsing, which makes it is possible for the hostname to be spoofed. http://\\\\localhost and http://localhost are the same URL. However, the hostname is not parsed as localhost, and the backslash is...