Moderate severityNVD Advisory· Published Feb 21, 2021· Updated Aug 3, 2024
CVE-2021-27515
CVE-2021-27515
Description
url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
url-parsenpm | >= 0.1.0, < 1.5.0 | 1.5.0 |
Affected products
2- url-parse/url-parsedescription
Patches
Vulnerability mechanics
References
8- github.com/advisories/GHSA-9m6j-fcg5-2442ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-27515ghsaADVISORY
- advisory.checkmarx.net/advisory/CX-2021-4306ghsaWEB
- github.com/github/advisory-database/pull/6763ghsaWEB
- github.com/unshiftio/url-parse/commit/d1e7e8822f26e8a49794b757123b51386325b2b0ghsaWEB
- github.com/unshiftio/url-parse/compare/1.4.7...1.5.0ghsaWEB
- github.com/unshiftio/url-parse/pull/197ghsaWEB
- lists.debian.org/debian-lts-announce/2023/02/msg00030.htmlghsamailing-listWEB
News mentions
0No linked articles in our index yet.