parse-url is vulnerable to server-side request forgery. The vulnerability exists in the parseUrl
function in index.js
because it doesn’t validate url or detect the protocol, resource, pathname and user param properly which allows an attacker to cause an ssrf bypass via a crafted url.