Url-Parse Project: Security Vulnerabilities
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.9.
CVSS Score
6.5
EPSS Score
0.001
Published
2022-02-21
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8.
CVSS Score
6.5
EPSS Score
0.002
Published
2022-02-20
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7.
CVSS Score
6.5
EPSS Score
0.0
Published
2022-02-17
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6.
CVSS Score
8.8
EPSS Score
0.0
Published
2022-02-14
url-parse is vulnerable to URL Redirection to Untrusted Site
CVSS Score
5.3
EPSS Score
0.003
Published
2021-07-26
url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path.
CVSS Score
5.3
EPSS Score
0.002
Published
2021-02-22
Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks.
CVSS Score
5.3
EPSS Score
0.001
Published
2020-02-04
Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol.
CVSS Score
10.0
EPSS Score
0.01
Published
2018-08-12