Search CVE reports
1 – 8 of 8 results
Some fixes available 3 of 4
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.9.
1 affected package
node-url-parse
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
node-url-parse | — | Not affected | Fixed | Fixed |
Some fixes available 3 of 6
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8.
1 affected package
node-url-parse
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
node-url-parse | Not affected | Not affected | Fixed | Fixed |
Some fixes available 3 of 4
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7.
1 affected package
node-url-parse
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
node-url-parse | — | Not affected | Fixed | Fixed |
Some fixes available 3 of 6
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6.
1 affected package
node-url-parse
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
node-url-parse | Not affected | Not affected | Fixed | Fixed |
Some fixes available 3 of 7
url-parse is vulnerable to URL Redirection to Untrusted Site
1 affected package
node-url-parse
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
node-url-parse | Not affected | Not affected | Fixed | Fixed |
Some fixes available 3 of 8
url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path.
1 affected package
node-url-parse
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
node-url-parse | Not affected | Not affected | Fixed | Fixed |
Some fixes available 2 of 5
Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks.
1 affected package
node-url-parse
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
node-url-parse | — | Not affected | Not affected | Fixed |
Some fixes available 2 of 10
Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol.
1 affected package
node-url-parse
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
node-url-parse | Not affected | Not affected | Not affected | Fixed |