Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:37036
HistorySep 15, 2022 - 6:35 a.m.

Server-Side Request Forgery (SSRF)

2022-09-1506:35:25
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
parse-url vulnerability
ssrf
index.js
software vulnerability
crafted url

EPSS

0.002

Percentile

51.4%

JSON

parse-url is vulnerable to server-side request forgery. The vulnerability exists in the parseUrl function in index.js because it doesn’t validate url or detect the protocol, resource, pathname and user param properly which allows an attacker to cause an ssrf bypass via a crafted url.

Related

osv 2
github 1
cvelist 1
prion 1
huntr 1
cve 1
nvd 1
ibm 1
osv
osv
Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url
2022-09-15 00:00:24
CVE-2022-2900
2022-09-14 11:15:47
github
github
Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url
2022-09-15 00:00:24
cvelist
cvelist
CVE-2022-2900 Server-Side Request Forgery (SSRF) in ionicabizau/parse-url
2022-09-14 08:30:13
prion
prion
Server side request forgery (ssrf)
2022-09-14 11:15:00
huntr
huntr
parser bypass and make SSRF attack
2022-08-03 11:54:37
cve
cve
CVE-2022-2900
2022-09-14 11:15:47
nvd
nvd
CVE-2022-2900
2022-09-14 11:15:47
ibm
ibm
Security Bulletin: IBM Security QRadar Analyst Workflow app for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
2024-01-03 13:16:10

EPSS

0.002

Percentile

51.4%

JSON
Related for VERACODE:37036
osv2github1cvelist1prion1huntr1cve1nvd1ibm1