EPSS: 0.001 (Low), Percentile: 40.5%
url-parse is vulnerable to authorization bypass. The use of a user-controlled key allows an attacker to transform an originally invalid URL into a valid one with url.pathname as the host.
github.com/unshiftio/url-parse/commit/ef45a1355375a8244063793a19059b4f62fc8788
github.com/unshiftio/url-parse/pull/226
huntr.dev/bounties/83a6bc9a-b542-4a38-82cd-d995a1481155
lists.debian.org/debian-lts-announce/2023/02/msg00030.html