Lucene search
Veracode Vulnerability DatabaseVERACODE:34230HistoryFeb 15, 2022 - 9:18 a.m.
Authorization Bypass
2022-02-1509:18:47
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
20
authorization bypass
url-parse
index.js
user information
software
EPSS
0.001
Percentile
45.1%
url-parse is vulnerable to authorization bypass. The vulnerability exists in Url function of index.js because the user name and password are not properly handled which allows a malicious user to modify user information.
References
github.com/advisories/GHSA-rqff-837h-mm52
github.com/unshiftio/url-parse/blob/master/index.js#L17-L540
github.com/unshiftio/url-parse/commit/9be7ee88afd2bb04e4d5a1a8da9a389ac13f8c40
github.com/unshiftio/url-parse/pull/223
huntr.dev/bounties/6d1bc51f-1876-4f5b-a2c2-734e09e8e05b
huntr.dev/bounties/6d1bc51f-1876-4f5b-a2c2-734e09e8e05b/
lists.debian.org/debian-lts-announce/2023/02/msg00030.html
Related
cve
cve
CVE-2022-0512
2022-02-14 16:15:07
ubuntucve
ubuntucve
CVE-2022-0512
2022-02-14 00:00:00
osv
osv
Authorization bypass in url-parse
2022-02-15 00:02:46
CVE-2022-0512
2022-02-14 16:15:07
node-url-parse - security update
2023-02-23 00:00:00
github
github
Authorization bypass in url-parse
2022-02-15 00:02:46
nvd
nvd
CVE-2022-0512
2022-02-14 16:15:07
cvelist
cvelist
redhatcve
redhatcve
CVE-2022-0512
2022-02-15 13:05:26
debiancve
debiancve
CVE-2022-0512
2022-02-14 16:15:07
huntr
huntr
in unshiftio/url-parse
2022-01-07 18:23:31
prion
prion
Authorization
2022-02-14 16:15:00
nessus
nessus
Debian DLA-3336-1 : node-url-parse - LTS security update
2023-02-23 00:00:00
debian
debian
[SECURITY] [DLA 3336-1] node-url-parse security update
2023-02-23 00:55:13
openvas
openvas
Debian: Security Advisory (DLA-3336-1)
2023-02-23 00:00:00
Ubuntu: Security Advisory (USN-5973-1)
2023-03-28 00:00:00
ubuntu
ubuntu
url-parse vulnerabilities
2023-03-27 00:00:00
ibm
ibm
redhat
redhat