168 matches found

CNNVD
added 2023/06/12 12:0 a.m. | 6 views

git-url-parse security vulnerability

git-url-parse is an npm module that is used to parse the URL addresses of Git repositories. A security vulnerability exists in git-url-parse crate 0.4.4 and earlier, which stems from a Regular Expression Denial of Service (ReDoS) vulnerability...

CVSS 7.5 | AI score 7.3 | EPSS 0.00758
Exploits 1 | References 3

Github Security Blog
added 2023/05/15 6:30 a.m. | 28 views

git-url-parse Regular Expression Denial of Service

giturlparse (aka git-url-parse) through 1.2.2, as used in Semgrep 1.5.2 through 1.24.1, is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing untrusted URLs. This might be relevant if Semgrep is analyzing an untrusted package (for example, to check whether it accesses any Git...

CVSS 7.5 | AI score 7.2 | EPSS 0.01033
Exploits 0 | References 7 | Affected Software 1

OSV
added 2023/05/15 6:30 a.m. | 6 views

GHSA-4XQQ-73WG-5MJP git-url-parse Regular Expression Denial of Service

giturlparse (aka git-url-parse) through 1.2.2, as used in Semgrep 1.5.2 through 1.24.1, is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing untrusted URLs. This might be relevant if Semgrep is analyzing an untrusted package (for example, to check whether it accesses any Git...

CVSS 7.5 | AI score 5.8 | EPSS 0.01033
Exploits 0 | References 7

vulnersOsv
added 2023/05/15 6:30 a.m. | 3 views

agogosml-cli (=0.1.2), chip-wallet-dstack (>=1.3.0 <=1.5.0) +23 more potentially affected by CVE-2023-32758 via git-url-parse (>=1.0.2 <=1.2.2)

git-url-parse PYPI version =1.0.2, =1.3.0, =1.11.4, =0.3.1.1, =0.5.0, =0.0.4, =0.1.2, =0.1.0, =0.0.1, =0.25.0, =0.3.10, =0.6.8 and more Source cves: CVE-2023-32758 Source advisory: OSV:GHSA-4XQQ-73WG-5MJP...

CVSS 7.5 | AI score 7.1 | EPSS 0.01033
Exploits 0

CVE
added 2023/05/15 12:0 a.m. | 61 views

CVE-2023-32758

The connected documents confirm CVE-2023-32758 affects git-url-parse (Python) up to 1.2.2, used by Semgrep versions 1.5.2–1.24.1. The issue is a Regular Expression Denial of Service (ReDoS) when parsing untrusted URLs, with potential impact if a package’s author embeds a crafted URL in a target p...

CVSS 7.5 | AI score 7.3 | EPSS 0.01033
Exploits 0 | References 5 | Affected Software 1

Ubuntu
added 2023/03/27 2:59 p.m. | 93 views

USN-5973-1: url-parse vulnerabilities

It was discovered that url-parse incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service, or to perform a server-side request forgery attack or open...

CVSS 10 | AI score 6.7 | EPSS 0.03805
Exploits 7

Tenable Nessus
added 2023/03/27 12:0 a.m. | 34 views

Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS : url-parse vulnerabilities (USN-5973-1)

The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5973-1 advisory. It was discovered that url-parse incorrectly handled certain inputs. If a user or an automated system were tricked into opening a...

CVSS 10 | AI score 6.6 | EPSS 0.03805
Exploits 7 | References 9

Debian
added 2023/02/23 12:55 a.m. | 50 views

[SECURITY] [DLA 3336-1] node-url-parse security update

Debian LTS Advisory DLA-3336-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin February 23, 2023 https://wiki.debian.org/LTS Package : node-url-parse Version : 1.2.0-2+deb10u2 CVE ID : CVE-2021-3664 CVE-2021-27515 CVE-2022-0512 CVE-2022-0639 CVE-2022-0686...

CVSS 9.8 | AI score 6.6 | EPSS 0.0222
Exploits 6

OpenVAS
added 2023/02/23 12:0 a.m. | 22 views

Debian: Security Advisory (DLA-3336-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 7.3 | EPSS 0.0222
Exploits 6 | References 5

Tenable Nessus
added 2023/02/23 12:0 a.m. | 41 views

Debian dla-3336 : node-url-parse - security update

The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3336 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3336-1 [email protected]...

CVSS 9.8 | AI score 6.8 | EPSS 0.0222
Exploits 6 | References 14

OSV
added 2023/02/23 12:0 a.m. | 37 views

DLA-3336-1 node-url-parse - security update

Bulletin has no description...

CVSS 9.8 | AI score 5.6 | EPSS 0.0222
Exploits 6

Tenable Nessus
added 2023/01/23 12:0 a.m. | 43 views

RHEL 7 : Red Hat OpenShift Service Mesh 1.0.10 Jaeger and Kiali (RHSA-2020:0972)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0972 advisory. Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise...

CVSS 8.6 | AI score 7.4 | EPSS 0.01652
Exploits 1 | References 6

OSV
added 2023/01/01 8:15 a.m. | 4 views

CVE-2022-45213

perfSONAR before 4.4.6 inadvertently supports the parse option for a file:// URL...

CVSS 5.3 | AI score 5.8 | EPSS 0.00634
Exploits 1 | References 2

Veracode
added 2022/07/15 5:14 p.m. | 86 views

Regular Expression Denial Of Service (ReDoS)

jquery-validation is vulnerable to regular expression denial of service. The vulnerability exists in the url parse function in src/core.js, and due to insufficient regular expression complexity checks an attacker can cause a ReDoS when supplying input to the url parse function. This CVE exists du...

CVSS 7.5 | AI score 7 | EPSS 0.01562
Exploits 2 | References 4 | Affected Software 1

RedhatCVE
added 2022/03/02 2:50 p.m. | 80 views

CVE-2022-0686

An authorization bypass flaw was found in url-parse. While submitting a URL, a local unauthenticated attacker can add a trailing colon (:), but omit the port number. This issue enables an open redirect that allows the exposure of sensitive information or spamming of infrastructure outside the...

CVSS 9.1 | AI score 2.7 | EPSS 0.01827
Exploits 1 | References 3

RedhatCVE
added 2022/03/02 2:50 p.m. | 36 views

CVE-2022-0691

An authorization bypass flaw was found in url-parse. This flaw allows a local unauthenticated attacker to add a backspace character (\b) while submitting a URL. This vulnerability can enable bypassing any hostname checks...

CVSS 9.8 | AI score 2.7 | EPSS 0.0222
Exploits 1 | References 3

RedhatCVE
added 2022/02/23 12:17 p.m. | 55 views

CVE-2022-0639

An authorization bypass flaw was found in url-parse. This flaw allows a local unauthenticated attacker to add an at symbol (@) while submitting a URL. This issue enables the bypass of validation or block-listing restrictions...

CVSS 6.5 | AI score 3.3 | EPSS 0.01535
Exploits 1 | References 3

Github Security Blog
added 2022/02/22 12:0 a.m. | 44 views

url-parse incorrectly parses hostname / protocol due to unstripped leading control characters.

Leading control characters in a URL are not stripped when passed into url-parse. This can cause input URLs to be mistakenly interpreted as a relative URL without a hostname and protocol, while the WHATWG URL parser will trim control characters and treat it as an absolute URL. If url-parse is...

CVSS 9.8 | AI score 8.1 | EPSS 0.0222
Exploits 1 | References 7 | Affected Software 1

CNVD
added 2022/02/22 12:0 a.m. | 21 views

NPM url-parse authorization bypass vulnerability

Url-Parse is a small URL parser that works seamlessly across Node.js and browser environments. An authorization bypass vulnerability exists in versions of NPM url-parse prior to 1.5.8, which can be exploited by attackers to bypass authorization via a user-controlled key...

CVSS 9.1 | AI score 5.5 | EPSS 0.01827
Exploits 1 | References 1

OSV
added 2022/02/21 9:15 a.m. | 2 views

DEBIAN-CVE-2022-0691

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.9...

CVSS 9.8 | AI score 7.1 | EPSS 0.0222
Exploits 1 | References 1