MidnightBSD

Advisories for url-parse_project

CVE-2018-3774 HIGH

Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-425,CWE-601,CWE-918,

Products Affected

Vendor Product Version
url-parse_project url-parse *
CVE-2020-8124 MEDIUM

Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
url-parse_project url-parse *
CVE-2021-27515 MEDIUM

url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
url-parse_project url-parse *
CVE-2021-3664 MEDIUM

url-parse is vulnerable to URL Redirection to Untrusted Site

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-601,CWE-601,

Products Affected

Vendor Product Version
url-parse_project url-parse *
CVE-2022-0512 MEDIUM

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-639,CWE-639,

Products Affected

Vendor Product Version
url-parse_project url-parse *
CVE-2022-0639 MEDIUM

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-639,CWE-639,

Products Affected

Vendor Product Version
url-parse_project url-parse *
CVE-2022-0686 MEDIUM

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-639,CWE-639,

Products Affected

Vendor Product Version
url-parse_project url-parse *
CVE-2022-0691 HIGH

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.9.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-639,CWE-639,

Products Affected

Vendor Product Version
url-parse_project url-parse *