Show filters
17 Total Results
Displaying 11-17 of 17
Sort by:
Attacker Value
Unknown
CVE-2022-0639
Disclosure Date: February 17, 2022 (last updated February 23, 2025)
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7.
0
Attacker Value
Unknown
CVE-2022-0512
Disclosure Date: February 14, 2022 (last updated February 23, 2025)
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6.
0
Attacker Value
Unknown
CVE-2021-3664
Disclosure Date: July 26, 2021 (last updated February 23, 2025)
url-parse is vulnerable to URL Redirection to Untrusted Site
0
Attacker Value
Unknown
CVE-2021-27515
Disclosure Date: February 22, 2021 (last updated November 28, 2024)
url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path.
0
Attacker Value
Unknown
CVE-2020-8124
Disclosure Date: February 04, 2020 (last updated February 21, 2025)
Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks.
0
Attacker Value
Unknown
CVE-2018-3774
Disclosure Date: August 12, 2018 (last updated November 27, 2024)
Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol.
0
Attacker Value
Unknown
CVE-2018-6651
Disclosure Date: February 05, 2018 (last updated November 26, 2024)
In the uncurl_ws_accept function in uncurl.c in uncurl before 0.07, as used in Parsec before 140-3, insufficient Origin header validation (accepting an arbitrary substring match) for WebSocket API requests allows remote attackers to bypass intended access restrictions. In Parsec, this means full control over the victim's computer.
0
