EPSS
Percentile
57.1%
parse-url is vulnerable to server-side request forgery (SSRF) attacks. Improper handling of user credentials allow remote attackers to bypass hostname checks and perform SSRF attacks via the vulnerable parseUrl function.
parseUrl
github.com/ionicabizau/parse-url/commit/21c72ab9412228eea753e2abc48f8962707b1fe3
github.com/IonicaBizau/parse-url/pull/37
huntr.dev/bounties/505a3d39-2723-4a06-b1f7-9b2d133c92e1
huntr.dev/bounties/505a3d39-2723-4a06-b1f7-9b2d133c92e1/