← Back

Url Parse

url-parse

Vendor: Url Parse Project • 8 CVEs

CVEs (8)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-0691
1Url Parse Project
1Url Parse
Nov 21, 2024
Feb 21, 2022
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.9.
CVE-2022-0686
1Url Parse Project
1Url Parse
Nov 21, 2024
Feb 20, 2022
N/A· v4
9.1 CRITICAL· v3
6.4 MEDIUM· v2
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8.
CVE-2022-0639
1Url Parse Project
1Url Parse
Dec 16, 2025
Feb 17, 2022
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7.
CVE-2022-0512
1Url Parse Project
1Url Parse
Nov 21, 2024
Feb 14, 2022
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6.
CVE-2021-3664
1Url Parse Project
1Url Parse
Nov 21, 2024
Jul 26, 2021
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
url-parse is vulnerable to URL Redirection to Untrusted Site
CVE-2021-27515
1Url Parse Project
1Url Parse
Nov 21, 2024
Feb 22, 2021
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path.
CVE-2020-8124
1Url Parse Project
1Url Parse
Nov 21, 2024
Feb 4, 2020
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks.
CVE-2018-3774
1Url Parse Project
1Url Parse
Nov 21, 2024
Aug 12, 2018
N/A· v4
10.0 CRITICAL· v3
7.5 HIGH· v2
Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol.