EUVD-2022-0924

Malicious code in bioql PyPI...

Authorization Bypass

url-parse is vulnerable to authorization bypass. The use of User-Controlled Key allows an attacker to transform original invalid URL into a valid one with url.pathname as host...

NPM url-parse 安全漏洞

Url-Parse is a small Url parser that works seamlessly across Node.js and browser environments. A security vulnerability exists in NPM url-parse that stems from bypassing authorization via a user-controlled key in NPM url-parse before 1.5.6...

0x-relayer-cat (>=0.0.3 <=0.0.10), @0x-klaytn/asset-swapper (>=4.2.1 <=4.2.2) +724 more potentially affected by CVE-2020-8124 via url-parse (>=0.1.5 <=1.4.4)

url-parse NPM version =0.1.5, =0.0.3, =4.2.1, =2.1.0-beta.4, =5.0.0-beta, =0.1.0-beta.2, =0.0.1, =0.1.1, =0.0.1, =0.1.0, =0.0.0-4, =0.0.1, =1.2.5, =1.5.0, =0.1.0, =0.1.7 and more Source cves: CVE-2020-8124 Source advisory: OSV:GHSA-46C4-8WRP-J99V...

CVE-2021-3664

url-parse is vulnerable to URL Redirection to Untrusted Site...

CVE-2021-3664

url-parse is vulnerable to URL Redirection to Untrusted Site...

CVE-2021-3664

url-parse is vulnerable to URL Redirection to Untrusted Site...

0x-relayer-cat (>=0.0.3 <=0.0.10), @0x-klaytn/asset-swapper (>=4.2.1 <=4.2.2) +4507 more potentially affected by CVE-2021-27515 via url-parse (>=0.1.5 <=1.4.7)

url-parse NPM version =0.1.5, =0.0.3, =4.2.1, =2.1.0-beta.4, =5.0.0-beta, =0.1.0-beta.2, =0.0.1, =0.0.31, =0.0.1, =1.0.2, =0.1.0, =0.1.0, =1.6.1, =0.2.0, =1.0.3, =2.1.1 and more Source cves: CVE-2021-27515 Source advisory: OSV:GHSA-9M6J-FCG5-2442...

CVE-2021-27515

url-parse before 1.5.0 mishandles certain uses of backslash such as http:/ and interprets the URI as a relative path...

CVE-2021-27515

url-parse before 1.5.0 mishandles certain uses of backslash such as http:/ and interprets the URI as a relative path...

CVE-2021-27515

url-parse before 1.5.0 mishandles certain uses of backslash such as http:/ and interprets the URI as a relative path...

PT-2020-19961 · Npm +2 · Url-Parse +2

Name of the Vulnerable Software and Affected Versions: url-parse versions 1.4.4 and earlier Description: The issue is related to insufficient validation and sanitization of user input in the url-parse npm package, which may allow an attacker to bypass security checks. Recommendations: For version...

CVE-2018-3774

Incorrect parsing in url-parse 1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol...