CVE-2018-3774

Published: 12/08/2018 Updated: 09/10/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 10 | Impact Score: 6 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Incorrect parsing in url-parse <1.4.3 returns the wrong hostname, which leads to multiple vulnerabilities such as SSRF, Open Redirect, and Bypass Authentication Protocol.

Vulnerable Product

url-parse project url-parse

Vendor Advisories

Debian Bug report logs - #906058
node-url-parse: CVE-2018-3774
Package: src:node-url-parse
Maintainer for src:node-url-parse is Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 13 Aug 2018 18:45:02 UTC
Severity: important T ...

Github Repositories

Cx SCA PoCs

This repo hosts all Exploits/PoCs made by Checkmarx SCA's AppSec team. The purpose is to prove that the data of the related vulnerabilities is correct, and to show that they are indeed exploitable.

Directory layout example
├── CVE-2018-3774 # Directory of PoC for some CVE/vulnerability
│ ├── exploitjs # The file of the expl