Skip to main content

Url Parse

7 CVEs product

Monthly

CVE-2022-0691 npm CRITICAL POC PATCH Act Now

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Node.js Url Parse
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2022-0686 npm CRITICAL POC PATCH Act Now

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Node.js Url Parse
NVD GitHub
CVSS 3.1
9.1
EPSS
1.8%
CVE-2022-0639 npm MEDIUM POC PATCH This Month

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Node.js Url Parse
NVD GitHub
CVSS 3.1
5.3
EPSS
1.5%
CVE-2021-3664 npm MEDIUM POC PATCH This Month

url-parse is vulnerable to URL Redirection to Untrusted Site. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Url Parse
NVD GitHub
CVSS 3.1
5.3
EPSS
1.8%
CVE-2021-27515 npm MEDIUM POC PATCH This Month

url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Url Parse
NVD GitHub
CVSS 3.1
5.3
EPSS
2.0%
CVE-2020-8124 npm MEDIUM POC PATCH This Month

Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Authentication Bypass Url Parse
NVD
CVSS 3.1
5.3
EPSS
1.7%
CVE-2018-3774 npm CRITICAL PATCH Act Now

Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Open Redirect Url Parse
NVD GitHub
CVSS 3.0
10.0
EPSS
3.8%
EPSS 2% CVSS 9.8
CRITICAL POC PATCH Act Now

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Node.js Url Parse
NVD GitHub
EPSS 2% CVSS 9.1
CRITICAL POC PATCH Act Now

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Node.js Url Parse
NVD GitHub
EPSS 2% CVSS 5.3
MEDIUM POC PATCH This Month

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Node.js Url Parse
NVD GitHub
EPSS 2% CVSS 5.3
MEDIUM POC PATCH This Month

url-parse is vulnerable to URL Redirection to Untrusted Site. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Url Parse
NVD GitHub
EPSS 2% CVSS 5.3
MEDIUM POC PATCH This Month

url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Url Parse
NVD GitHub
EPSS 2% CVSS 5.3
MEDIUM POC PATCH This Month

Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Authentication Bypass Url Parse
NVD
EPSS 4% CVSS 10.0
CRITICAL PATCH Act Now

Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Open Redirect Url Parse
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy