168 matches found
git-url-parse 安全漏洞
npm git-url-parse is an npm module from npm that is used to parse the URL addresses of Git repositories. A security vulnerability exists in git-url-parse crate 0.4.4 and earlier, which stems from a Regular Expression Denial of Service ReDos vulnerability...
git-url-parse Regular Expression Denial of Service
giturlparse aka git-url-parse through 1.2.2, as used in Semgrep 1.5.2 through 1.24.1, is vulnerable to ReDoS Regular Expression Denial of Service if parsing untrusted URLs. This might be relevant if Semgrep is analyzing an untrusted package for example, to check whether it accesses any Git...
GHSA-4XQQ-73WG-5MJP git-url-parse Regular Expression Denial of Service
giturlparse aka git-url-parse through 1.2.2, as used in Semgrep 1.5.2 through 1.24.1, is vulnerable to ReDoS Regular Expression Denial of Service if parsing untrusted URLs. This might be relevant if Semgrep is analyzing an untrusted package for example, to check whether it accesses any Git...
agogosml-cli (=0.1.2), chip-wallet-dstack (>=1.3.0 <=1.5.0) +23 more potentially affected by CVE-2023-32758 via git-url-parse (>=1.0.2 <=1.2.2)
git-url-parse PYPI version =1.0.2, =1.3.0, =1.11.4, =0.3.1.1, =0.5.0, =0.0.4, =0.1.2, =0.1.0, =0.0.1, =0.25.0, =0.3.10, =0.6.8 and more Source cves: CVE-2023-32758 Source advisory: OSV:GHSA-4XQQ-73WG-5MJP...
CVE-2023-32758
The connected documents confirm CVE-2023-32758 affects git-url-parse (Python) up to 1.2.2, used by Semgrep versions 1.5.2–1.24.1. The issue is a Regular Expression Denial of Service (ReDoS) when parsing untrusted URLs, with potential impact if a package’s author embeds a crafted URL in a target p...
USN-5973-1: url-parse vulnerabilities
It was discovered that url-parse incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service, or to perform a server-side request forgery attack or open...
Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS : url-parse vulnerabilities (USN-5973-1)
The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5973-1 advisory. It was discovered that url-parse incorrectly handled certain inputs. If a user or an automated system were tricked into opening a...
[SECURITY] [DLA 3336-1] node-url-parse security update
Debian LTS Advisory DLA-3336-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin February 23, 2023 https://wiki.debian.org/LTS Package : node-url-parse Version : 1.2.0-2+deb10u2 CVE ID : CVE-2021-3664 CVE-2021-27515 CVE-2022-0512 CVE-2022-0639 CVE-2022-0686...
Debian: Security Advisory (DLA-3336-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian dla-3336 : node-url-parse - security update
The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3336 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3336-1 [email protected]...
DLA-3336-1 node-url-parse - security update
Bulletin has no description...
RHEL 7 : Red Hat OpenShift Service Mesh 1.0.10 Jaeger and Kiali (RHSA-2020:0972)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0972 advisory. Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise...
CVE-2022-45213
perfSONAR before 4.4.6 inadvertently supports the parse option for a file:// URL...
Regular Expression Denial Of Service (ReDoS)
jquery-validation is vulnerable to regular expression denial of service. The vulnerability exists in the url parse function in src/core.js, and due to insufficient regular expression complexity checks an attacker can cause a ReDoS when supplying input to the url parse function. This CVE exists du...
CVE-2022-0686
An authorization bypass flaw was found in url-parse. While submitting a URL, a local unauthenticated attacker can add a trailing colon :, but omit the port number. This issue enables an open redirect that allows the exposure of sensitive information or spamming of infrastructure outside the...
CVE-2022-0691
An authorization bypass flaw was found in url-parse. This flaw allows a local unauthenticated attacker to add a backspace character \b while submitting a URL. This vulnerability can enable bypassing any hostname checks...
CVE-2022-0639
An authorization bypass flaw was found in url-parse. This flaw allows a local unauthenticated attacker to add an at symbol @ while submitting a URL. This issue enables the bypass of validation or block-listing restrictions...
url-parse incorrectly parses hostname / protocol due to unstripped leading control characters.
Leading control characters in a URL are not stripped when passed into url-parse. This can cause input URLs to be mistakenly be interpreted as a relative URL without a hostname and protocol, while the WHATWG URL parser will trim control characters and treat it as an absolute URL. If url-parse is...
NPM url-parse authorization bypass vulnerability
Url-Parse is a small Url parser that works seamlessly across Node.js and browser environments.An authorization bypass vulnerability exists in versions of NPM url-parse prior to 1.5.8, which can be exploited by attackers to bypass authorization via a user-controlled key...
DEBIAN-CVE-2022-0691
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.9...