Show filters
15 Total Results
Displaying 11-15 of 15
Sort by:
Attacker Value
Unknown

CVE-2022-0512

Disclosure Date: February 14, 2022 (last updated February 23, 2025)
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2021-3664

Disclosure Date: July 26, 2021 (last updated February 23, 2025)
url-parse is vulnerable to URL Redirection to Untrusted Site
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2021-27515

Disclosure Date: February 22, 2021 (last updated November 28, 2024)
url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2020-8124

Disclosure Date: February 04, 2020 (last updated February 21, 2025)
Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2018-3774

Disclosure Date: August 12, 2018 (last updated November 27, 2024)
Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol.
0
0
View More Topics  < Previous