Moderate severityNVD Advisory· Published Feb 4, 2020· Updated Aug 4, 2024
CVE-2020-8124
CVE-2020-8124
Description
Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
url-parsenpm | >= 0.1.0, < 1.4.5 | 1.4.5 |
Affected products
2- url-parse/url-parsedescription
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-46c4-8wrp-j99vghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-8124ghsaADVISORY
- github.com/github/advisory-database/pull/6762ghsaWEB
- github.com/unshiftio/url-parse/commit/3ecd256f127c3ada36a84d9b8dd3ebd14316274bghsaWEB
- hackerone.com/reports/496293ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.