Url Parse Project
url-parse_project
8 CVEs • 1 product
Products (1)
Click to collapseToggle
Products (1)
Click to collapse
CVEs (8)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
1Url Parse Project 1Url Parse Nov 21, 2024 Feb 21, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.9. |
1Url Parse Project 1Url Parse Nov 21, 2024 Feb 20, 2022 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8. |
1Url Parse Project 1Url Parse Dec 16, 2025 Feb 17, 2022 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7. |
1Url Parse Project 1Url Parse Nov 21, 2024 Feb 14, 2022 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6. |
1Url Parse Project 1Url Parse Nov 21, 2024 Jul 26, 2021 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 url-parse is vulnerable to URL Redirection to Untrusted Site |
1Url Parse Project 1Url Parse Nov 21, 2024 Feb 22, 2021 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path. |
Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks. |
1Url Parse Project 1Url Parse Nov 21, 2024 Aug 12, 2018 N/A· v4 10.0 CRITICAL· v3 7.5 HIGH· v2 Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol. |