168 matches found
CVE-2021-27515
url-parse before 1.5.0 mishandles certain uses of backslash such as http:/ and interprets the URI as a relative path...
CVE-2021-27515
url-parse before 1.5.0 mishandles certain uses of backslash such as http:/ and interprets the URI as a relative path...
Moderate: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 1.0.10 Jaeger and Kiali security update
An update for Jaeger and Kiali is now available for Openshift Service Mesh 1.0. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabilit...
CVE-2020-8124
Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks...
DEBIAN-CVE-2020-8124
Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks...
CVE-2020-8124
Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks...
UBUNTU-CVE-2020-8124
Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks...
CVE-2020-8124
CVE-2020-8124 refers to a vulnerability in the url-parse npm package (versions
CVE-2020-8124
Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks...
PT-2020-19961 · Npm +2 · Url-Parse +2
Name of the Vulnerable Software and Affected Versions: url-parse versions 1.4.4 and earlier Description: The issue is related to insufficient validation and sanitization of user input in the url-parse npm package, which may allow an attacker to bypass security checks. Recommendations: For version...
Cross-Site Scripting (XSS)
url-parse is vulnerable to cross-site scripting XSS. The vulnerability exists as the unsanitized value of address in index.js could be used to bypass validation checks when used in the browser...
PT-2019-4598 · Python +8 · Python +8
Name of the Vulnerable Software and Affected Versions: Python versions 2.7.x through 2.7.16 and 3.x through 3.7.2 Description: The issue is related to improper handling of Unicode encoding during NFKC normalization, which can lead to information disclosure, including credentials and cookies cache...
Node.js third-party modules: [url-parse] Improper Validation and Sanitization
NOTE! Thanks for submitting a report! Please replace all the square sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to triage and respond quickly, so be sure to take your time filling out the report! I would like to report Improper...
@afshin/custom404-extension (>=0.1.1 <=0.1.3), @apache-royale/cli (>=0.1.0 <=0.2.2) +443 more potentially affected by CVE-2018-3774 via url-parse (>=1.0.2 <=1.4.1)
url-parse NPM version =1.0.2, =0.1.1, =0.1.0, =0.0.1, =0.1.0, =0.1.1, =0.1.1, =0.1.0, =0.1.0, =0.1.0, =1.1.1, =2.0.0, =2.0.0, =4.1.0 - @datalayer/jupyterlab-hub-extension =0.8.1 and more Source cves: CVE-2018-3774 Source advisory: OSV:GHSA-PV4C-P2J5-38J4...
Open Redirect in url-parse
Versions of url-parse before 1.4.3 returns the wrong hostname which could lead to Open Redirect, Server Side Request Forgery SSRF, or Bypass Authentication Protocol vulnerabilities. Recommendation Update to version 1.4.3 or later...
Design/Logic Flaw
Incorrect parsing in url-parse 1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol...
CVE-2018-3774
Incorrect parsing in url-parse 1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol...
CVE-2018-3774
Incorrect parsing in url-parse 1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol...
DEBIAN-CVE-2018-3774
Incorrect parsing in url-parse 1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol...
CVE-2018-3774
Incorrect parsing in url-parse 1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol...