Filtered by vendor Url-parse Project Subscriptions
Filtered by product Url-parse Subscriptions
Total 8 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-0691 2 Redhat, Url-parse Project 2 Rhmt, Url-parse 2024-11-21 9.8 Critical
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.9.
CVE-2022-0686 2 Redhat, Url-parse Project 2 Rhmt, Url-parse 2024-11-21 9.1 Critical
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8.
CVE-2022-0639 2 Redhat, Url-parse Project 2 Rhmt, Url-parse 2024-11-21 5.3 Medium
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7.
CVE-2022-0512 2 Redhat, Url-parse Project 2 Rhmt, Url-parse 2024-11-21 5.3 Medium
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6.
CVE-2021-3664 1 Url-parse Project 1 Url-parse 2024-11-21 5.3 Medium
url-parse is vulnerable to URL Redirection to Untrusted Site
CVE-2021-27515 2 Redhat, Url-parse Project 2 Quay, Url-parse 2024-11-21 5.3 Medium
url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path.
CVE-2020-8124 2 Redhat, Url-parse Project 2 Service Mesh, Url-parse 2024-11-21 5.3 Medium
Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks.
CVE-2018-3774 2 Redhat, Url-parse Project 2 Quay, Url-parse 2024-11-21 9.8 Critical
Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol.