Filtered by vendor Url-parse Project
Subscriptions
Filtered by product Url-parse
Subscriptions
Total
8 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-0691 | 2 Redhat, Url-parse Project | 2 Rhmt, Url-parse | 2024-11-21 | 9.8 Critical |
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.9. | ||||
CVE-2022-0686 | 2 Redhat, Url-parse Project | 2 Rhmt, Url-parse | 2024-11-21 | 9.1 Critical |
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8. | ||||
CVE-2022-0639 | 2 Redhat, Url-parse Project | 2 Rhmt, Url-parse | 2024-11-21 | 5.3 Medium |
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7. | ||||
CVE-2022-0512 | 2 Redhat, Url-parse Project | 2 Rhmt, Url-parse | 2024-11-21 | 5.3 Medium |
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6. | ||||
CVE-2021-3664 | 1 Url-parse Project | 1 Url-parse | 2024-11-21 | 5.3 Medium |
url-parse is vulnerable to URL Redirection to Untrusted Site | ||||
CVE-2021-27515 | 2 Redhat, Url-parse Project | 2 Quay, Url-parse | 2024-11-21 | 5.3 Medium |
url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path. | ||||
CVE-2020-8124 | 2 Redhat, Url-parse Project | 2 Service Mesh, Url-parse | 2024-11-21 | 5.3 Medium |
Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks. | ||||
CVE-2018-3774 | 2 Redhat, Url-parse Project | 2 Quay, Url-parse | 2024-11-21 | 9.8 Critical |
Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol. |
Page 1 of 1.