url-parse
by unshiftio
Source repositories
CVEs (13)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-3224 | 0.00 | — | 0.00 | Sep 15, 2022 | Misinterpretation of Input in GitHub repository ionicabizau/parse-url prior to 8.1.0. | |||
| CVE-2022-2900 | 0.00 | — | 0.00 | Sep 14, 2022 | Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 8.1.0. | |||
| CVE-2022-2216 | 0.00 | — | 0.00 | Jun 27, 2022 | Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 7.0.0. | |||
| CVE-2022-2218 | 0.00 | — | 0.00 | Jun 27, 2022 | Cross-site Scripting (XSS) - Stored in GitHub repository ionicabizau/parse-url prior to 7.0.0. | |||
| CVE-2022-0722 | 0.00 | — | 0.00 | Jun 27, 2022 | Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url prior to 7.0.0. | |||
| CVE-2022-2217 | 0.00 | — | 0.00 | Jun 27, 2022 | Cross-site Scripting (XSS) - Generic in GitHub repository ionicabizau/parse-url prior to 7.0.0. | |||
| CVE-2022-0691 | 0.00 | — | 0.00 | Feb 21, 2022 | Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.9. | |||
| CVE-2022-0686 | 0.00 | — | 0.00 | Feb 20, 2022 | Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8. | |||
| CVE-2022-0639 | 0.00 | — | 0.00 | Feb 17, 2022 | Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7. | |||
| CVE-2022-0512 | 0.00 | — | 0.00 | Feb 14, 2022 | Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6. | |||
| CVE-2021-27515 | 0.00 | — | 0.00 | Feb 21, 2021 | url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path. | |||
| CVE-2020-8124 | 0.00 | — | 0.00 | Feb 4, 2020 | Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks. | |||
| CVE-2018-3774 | 0.00 | — | 0.02 | Aug 12, 2018 | Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol. |
- CVE-2022-3224Sep 15, 2022risk 0.00cvss —epss 0.00
Misinterpretation of Input in GitHub repository ionicabizau/parse-url prior to 8.1.0.
- CVE-2022-2900Sep 14, 2022risk 0.00cvss —epss 0.00
Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 8.1.0.
- CVE-2022-2216Jun 27, 2022risk 0.00cvss —epss 0.00
Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 7.0.0.
- CVE-2022-2218Jun 27, 2022risk 0.00cvss —epss 0.00
Cross-site Scripting (XSS) - Stored in GitHub repository ionicabizau/parse-url prior to 7.0.0.
- CVE-2022-0722Jun 27, 2022risk 0.00cvss —epss 0.00
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url prior to 7.0.0.
- CVE-2022-2217Jun 27, 2022risk 0.00cvss —epss 0.00
Cross-site Scripting (XSS) - Generic in GitHub repository ionicabizau/parse-url prior to 7.0.0.
- CVE-2022-0691Feb 21, 2022risk 0.00cvss —epss 0.00
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.9.
- CVE-2022-0686Feb 20, 2022risk 0.00cvss —epss 0.00
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8.
- CVE-2022-0639Feb 17, 2022risk 0.00cvss —epss 0.00
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7.
- CVE-2022-0512Feb 14, 2022risk 0.00cvss —epss 0.00
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6.
- CVE-2021-27515Feb 21, 2021risk 0.00cvss —epss 0.00
url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path.
- CVE-2020-8124Feb 4, 2020risk 0.00cvss —epss 0.00
Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks.
- CVE-2018-3774Aug 12, 2018risk 0.00cvss —epss 0.02
Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol.