CVE History
| CVE | Affected | Published | CVSS v3 | CVSS v2 |
|---|---|---|---|---|
| < 1.5.9 | 9.8 CRITICAL | 7.5 HIGH | ||
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.9. | ||||
| < 1.5.8 | 9.1 CRITICAL | 6.4 MEDIUM | ||
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8. | ||||
| < 1.5.7 | 5.3 MEDIUM | 5 MEDIUM | ||
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7. | ||||
| < 1.5.6 | 5.3 MEDIUM | 5 MEDIUM | ||
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6. | ||||
| < 1.5.2 | 5.3 MEDIUM | 5 MEDIUM | ||
url-parse is vulnerable to URL Redirection to Untrusted Site | ||||
| < 1.5.0 | 5.3 MEDIUM | 5 MEDIUM | ||
url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path. | ||||
| <= 1.4.4 | 5.3 MEDIUM | 5 MEDIUM | ||
Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks. | ||||
| < 1.4.3 | — | 7.5 HIGH | ||
Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol. | ||||