Search CVE reports


Toggle filters

1 – 8 of 8 results


CVE-2022-0691

Medium priority

Some fixes available 3 of 4

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.9.

1 affected package

node-url-parse

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
node-url-parse Not affected Fixed Fixed Fixed
Show less packages

CVE-2022-0686

Medium priority

Some fixes available 3 of 8

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8.

1 affected package

node-url-parse

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
node-url-parse Needs evaluation Not affected Fixed Fixed Fixed
Show less packages

CVE-2022-0639

Medium priority

Some fixes available 3 of 4

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7.

1 affected package

node-url-parse

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
node-url-parse Not affected Fixed Fixed Fixed
Show less packages

CVE-2022-0512

Medium priority

Some fixes available 3 of 8

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6.

1 affected package

node-url-parse

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
node-url-parse Needs evaluation Not affected Fixed Fixed Fixed
Show less packages

CVE-2021-3664

Low priority

Some fixes available 3 of 9

url-parse is vulnerable to URL Redirection to Untrusted Site

1 affected package

node-url-parse

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
node-url-parse Needs evaluation Not affected Fixed Fixed Fixed
Show less packages

CVE-2021-27515

Low priority

Some fixes available 3 of 10

url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path.

1 affected package

node-url-parse

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
node-url-parse Needs evaluation Not affected Fixed Fixed Fixed
Show less packages

CVE-2020-8124

Medium priority

Some fixes available 2 of 5

Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks.

1 affected package

node-url-parse

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
node-url-parse Not affected Not affected Fixed Fixed
Show less packages

CVE-2018-3774

Medium priority

Some fixes available 2 of 12

Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol.

1 affected package

node-url-parse

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
node-url-parse Needs evaluation Not affected Not affected Fixed Fixed
Show less packages