6 matches found
CVE-2022-0722
CVE-2022-0722 affects the parse-url library in the GitHub repo ionicabizau/parse-url prior to version 7.0.0, enabling exposure of sensitive information to an unauthorized actor. The vulnerability is a client-visible information disclosure, capable of being triggered by crafted requests that leak ...
CVE-2022-2217
The CVE-2022-2217 issue is a cross-site scripting (XSS) vulnerability in the npm package parse-url (GitHub: ionicabizau/parse-url) affecting versions prior to 7.0.0. The root cause is the ability to inject or execute malicious JavaScript on webpages produced by the affected package through craft...
CVE-2022-2216
CVE-2022-2216 corresponds to a Server-Side Request Forgery (SSRF) in the GitHub repository ionicabizau/parse-url, affecting versions prior to 7.0.0. The connected documents describe the issue as an SSRF flaw in the URL parsing logic (with references noting potential local file access). The root c...
CVE-2022-2900
CVE-2022-2900 affects the npm package parse-url (GitHub: ionicabizau/parse-url) up to version 8.0.x; it is a Server-Side Request Forgery (SSRF) vulnerability that could allow a remote attacker to induce the server to perform requests on its behalf. The NVD/CVSS data assign a 9.1 CRITICAL base sco...
CVE-2022-2218
CVE-2022-2218 describes a stored XSS vulnerability in the parse-url library by ionicabizau, affecting versions prior to 7.0.0. The issue allows an attacker to place malicious JavaScript on a page via the vulnerable parse-url handling. The provided documents confirm the vulnerability but do not sp...
CVE-2022-3224
CVE-2022-3224 concerns the parse-url npm package by Ionică Bizău, affected in versions prior to 8.1.0. The root cause is a misinterpretation of input that leads to incorrect parsing of http/https URLs (e.g., misclassifying the URL protocol as ssh and misparsing the hostname). Reported impacts inc...