npm package
url-parse
pkg:npm/url-parse
Vulnerabilities (8)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-0691 | — | | | >= 0.1.0, < 1.5.9 | 1.5.9 | Feb 21, 2022 | Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.9. |
| CVE-2022-0686 | — | | | < 1.5.8 | 1.5.8 | Feb 20, 2022 | Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8. |
| CVE-2022-0639 | — | | | >= 1.0.0, < 1.5.7 | 1.5.7 | Feb 17, 2022 | Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7. |
| CVE-2022-0512 | — | | | >= 0.1.0, < 1.5.6 | 1.5.6 | Feb 14, 2022 | Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6. |
| CVE-2021-3664 | — | | | >= 0.1.0, < 1.5.2 | 1.5.2 | Jul 26, 2021 | url-parse is vulnerable to URL Redirection to Untrusted Site |
| CVE-2021-27515 | — | | | >= 0.1.0, < 1.5.0 | 1.5.0 | Feb 21, 2021 | url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path. |
| CVE-2020-8124 | — | | | >= 0.1.0, < 1.4.5 | 1.4.5 | Feb 4, 2020 | Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks. |
| CVE-2018-3774 | — | | | >= 1.0.0, < 1.4.3 | 1.4.3 | Aug 12, 2018 | Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol. |