Download
| Alert*
|
CVE-2021-27515
url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path. CVE-2021-3664 url-parse is vulnerable to URL Redirection to Untrusted Site CVE-2020-8124 Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks. CVE-2018-3774 Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol. CVE-2022-0691 Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.9. CVE-2022-0639 Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7. CVE-2022-0512 Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6. CVE-2022-0686 Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8. |
