Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:37044
HistorySep 16, 2022 - 4:03 a.m.

Hostname Spoofing

2022-09-1604:03:16
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
21
parseurl
hostname spoofing
index.js
software vulnerability
ssh url

EPSS

0.001

Percentile

30.0%

JSON

parse-url is vulnerable to hostname spoofing. The vulnerability exists because the parseUrl function of index.js does not properly identify the custom user in ssh url and hostname, allowing an attacker to gain sensitive information by redirecting to the malicious urls.

Related

github 1
prion 1
nvd 1
cve 1
huntr 1
osv 2
cvelist 1
ibm 1
github
github
parse-url parses http URLs incorrectly, making it vulnerable to host name spoofing
2022-09-16 00:00:39
prion
prion
Design/Logic Flaw
2022-09-15 12:15:00
nvd
nvd
CVE-2022-3224
2022-09-15 12:15:09
cve
cve
CVE-2022-3224
2022-09-15 12:15:09
huntr
huntr
Hostname Spoofing
2022-08-07 08:02:17
osv
osv
parse-url parses http URLs incorrectly, making it vulnerable to host name spoofing
2022-09-16 00:00:39
CVE-2022-3224
2022-09-15 12:15:09
cvelist
cvelist
CVE-2022-3224 Misinterpretation of Input in ionicabizau/parse-url
2022-09-15 11:30:12
ibm
ibm
Security Bulletin: IBM Security QRadar Analyst Workflow app for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
2024-01-03 13:16:10

EPSS

0.001

Percentile

30.0%

JSON
Related for VERACODE:37044
github1prion1nvd1cve1huntr1osv2cvelist1ibm1