Url-parse_project Url-parse

8 CVEs affecting Url-parse_project Url-parse. Latest disclosed: 2022-02-21. Critical: 3, High: 0.

Top CVEs affecting Url-parse_project Url-parse
CVESeverityScorePublishedSummary
CVE-2018-3774Critical10.02018-08-12Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protoco…
CVE-2022-0691Critical9.82022-02-21Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.9.
CVE-2022-0686Critical9.12022-02-20Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8.
CVE-2022-0639Medium5.32022-02-17Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7.
CVE-2022-0512Medium5.32022-02-14Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6.
CVE-2021-3664Medium5.32021-07-26url-parse is vulnerable to URL Redirection to Untrusted Site
CVE-2021-27515Medium5.32021-02-22url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path.
CVE-2020-8124Medium5.32020-02-04Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks.