Critical severity10.0NVD Advisory· Published Aug 12, 2018· Updated Jun 17, 2026
CVE-2018-3774
CVE-2018-3774
Description
Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
url-parsenpm | >= 1.0.0, < 1.4.3 | 1.4.3 |
Affected products
2- HackerOne/url-parsev5Range: 1.4.3
Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-pv4c-p2j5-38j4ghsaADVISORY
- github.com/unshiftio/url-parse/commit/53b1794e54d0711ceb52505e0f74145270570d5anvdVendor AdvisoryWEB
- github.com/unshiftio/url-parse/commit/d7b582ec1243e8024e60ac0b62d2569c939ef5denvdVendor AdvisoryWEB
- hackerone.com/reports/384029nvdIssue TrackingThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2018-3774ghsaADVISORY
- github.com/unshiftio/url-parse/commit/209c296d302317268afbe19700a70c63ecbeb2d2ghsaWEB
- github.com/unshiftio/url-parse/compare/0.2.3...1.0.0ghsaWEB
News mentions
0No linked articles in our index yet.