Lucene search
Veracode Vulnerability DatabaseVERACODE:34282HistoryFeb 18, 2022 - 1:09 p.m.
Authorization Bypass
2022-02-1813:09:51
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
16
0.001 Low
EPSS
Percentile
40.5%
url-parse is vulnerable to authorization bypass. The use of User-Controlled Key allows an attacker to transform original invalid URL into a valid one with url.pathname as host.
Related
redhatcve
redhatcve
CVE-2022-0639
2022-02-23 12:17:58
osv
osv
CVE-2022-0639
2022-02-17 18:15:08
url-parse Incorrectly parses URLs that include an '@'
2022-02-18 00:00:33
node-url-parse - security update
2023-02-23 00:00:00
github
github
url-parse Incorrectly parses URLs that include an '@'
2022-02-18 00:00:33
huntr
huntr
in unshiftio/url-parse
2022-02-14 06:51:38
debiancve
debiancve
CVE-2022-0639
2022-02-17 18:15:08
prion
prion
Authorization
2022-02-17 18:15:00
nvd
nvd
CVE-2022-0639
2022-02-17 18:15:08
cve
cve
CVE-2022-0639
2022-02-17 18:15:08
ubuntucve
ubuntucve
CVE-2022-0639
2022-02-17 00:00:00
cvelist
cvelist
nessus
nessus
Debian DLA-3336-1 : node-url-parse - LTS security update
2023-02-23 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-3336-1)
2023-02-23 00:00:00
Ubuntu: Security Advisory (USN-5973-1)
2023-03-28 00:00:00
debian
debian
[SECURITY] [DLA 3336-1] node-url-parse security update
2023-02-23 00:55:13
ubuntu
ubuntu
url-parse vulnerabilities
2023-03-27 00:00:00
ibm
ibm
redhat
redhat