Lucene search

Url-Parse Security Vulnerabilities

cve

CVE-2018-3774

Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol.

10CVSS

9.5AI Score

0.003EPSS

2018-08-12 10:29 PM

cve

CVE-2020-8124

Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks.

5.3CVSS

5.4AI Score

0.001EPSS

2020-02-04 08:15 PM

cve

CVE-2021-27515

url-parse before 1.5.0 mishandles certain uses of backslash such as http:/ and interprets the URI as a relative path.

5.3CVSS

5.4AI Score

0.002EPSS

2021-02-22 12:15 AM

cve

CVE-2021-3664

url-parse is vulnerable to URL Redirection to Untrusted Site

5.3CVSS

5.3AI Score

0.001EPSS

2021-07-26 12:15 PM

cve

CVE-2022-0512

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6.

5.3CVSS

5.3AI Score

0.001EPSS

2022-02-14 04:15 PM

cve

CVE-2022-0639

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7.

5.3CVSS

5.3AI Score

0.001EPSS

2022-02-17 06:15 PM

100

cve

CVE-2022-0686

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8.

9.1CVSS

8.9AI Score

0.002EPSS

2022-02-20 01:15 PM

151

cve

CVE-2022-0691

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.9.

9.8CVSS

9.1AI Score

0.003EPSS

2022-02-21 09:15 AM