url-parse project url-parse vulnerabilities and exploits

(subscribe to this query)

5.3

CVSSv3

url-parse prior to 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path.

Url-parse Project Url-parse

5.3

CVSSv3

Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and previous versions may allow malicious user to bypass security checks.

Url-parse Project Url-parse

10

CVSSv3

Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol.

Url-parse Project Url-parse

1 Github repository

9.1

CVSSv3

Authorization Bypass Through User-Controlled Key in NPM url-parse before 1.5.8.

Url-parse Project Url-parse

5.3

CVSSv3

Authorization Bypass Through User-Controlled Key in NPM url-parse before 1.5.6.

Url-parse Project Url-parse

9.8

CVSSv3

Authorization Bypass Through User-Controlled Key in NPM url-parse before 1.5.9.

Url-parse Project Url-parse

5.3

CVSSv3

Authorization Bypass Through User-Controlled Key in NPM url-parse before 1.5.7.

Url-parse Project Url-parse

5.3

CVSSv3

url-parse is vulnerable to URL Redirection to Untrusted Site

Url-parse Project Url-parse

7.5

CVSSv3

The git-url-parse crate up to and including 0.4.4 for Rust allows Regular Expression Denial of Service (ReDos) via a crafted URL to normalize_url in lib.rs, a similar issue to CVE-2023-32758 (Python).

Git-url-parse Project Git-url-parse

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook