8 matches found
CVE-2022-0686
CVE-2022-0686 affects the npm package url-parse (unshift.io) prior to 1.5.8. The root cause is an issue in hostname resolution when no port is provided, which can enable SSRF, open redirects, or other hostname-dependent attacks. Affected versions include unshift.io url-parse used in various npm d...
CVE-2022-0512
CVE-2022-0512 targets the unshift.io url-parse (NPM) package; authorization bypass is due to improper handling of username/password in the URL, affecting various Node.js/UNSHIFTED URL-parse deployments prior to version 1.5.6. Public advisories (Debian/Ubuntu, IBM Spectrum Discover and other feeds)...
CVE-2022-0639
CVE-2022-0639 affects the Node.js URL parser library used in npm installs, specifically the node-url-parse package. Debian and Debian LTS advisories (DLA-4413-1) describe an authorization bypass where an incorrect conversion of special characters in the protocol (notably the @ character in href) ...
CVE-2022-0691
CVE-2022-0691 – In the npm package url-parse, versions prior to 1.5.9 are vulnerable to an authorization bypass via a user-controlled key in the URL parser. This stems from improper handling of the key, enabling bypass of authorization checks. Remediation: upgrade to url-parse 1.5.9 or later (pat...
CVE-2021-27515
CVE-2021-27515 affects the url-parse library (before 1.5.0), where backslash sequences in the protocol (e.g., http:/ or http:) can cause the parser to treat the URI as a relative path. Public advisories (Debian/Ubuntu) list this alongside other url-parse issues and indicate fixes via package upgr...
CVE-2020-8124
CVE-2020-8124 refers to a vulnerability in the url-parse npm package (versions
CVE-2021-3664
CVE-2021-3664 affects the url-parse library and enables a URL Redirection to Untrusted Site (Open Redirect) via its URL parsing logic. According to the connected document, the vulnerability is rooted in the url-parse component and has a CVSS v3.1 base score of 5.3 with vector (AV:N/AC:L/PR:N/UI:N...
CVE-2018-3774
CVE-2018-3774 affects the url-parse library prior to 1.4.3 and stems from incorrect hostname parsing. This can enable SSRF, open redirect, and potential bypass of authentication in affected workflows that rely on url-parse for URL handling. Exploitation scenarios include misparsing hosts in URLs ...