unshiftio/url-parse

unshiftio/url-parse

Releases49

Frequency1 month 3 weeks

Last Release over 4 years ago

Stars1.04K

Small footprint URL parser that works seamlessly across Node.js and browser environments.

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2022-0691 ↗	Feb 21, 2022Monday, 21 February 2022, 09:15	9.8 CRITICAL	7.5 HIGH
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.9.
CVE-2022-0686 ↗	Feb 20, 2022Sunday, 20 February 2022, 13:15	9.1 CRITICAL	6.4 MEDIUM
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8.
CVE-2022-0639 ↗	Feb 17, 2022Thursday, 17 February 2022, 18:15	5.3 MEDIUM	5 MEDIUM
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7.
CVE-2022-0512 ↗	Feb 14, 2022Monday, 14 February 2022, 16:15	5.3 MEDIUM	5 MEDIUM
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6.
CVE-2021-3664 ↗	Jul 26, 2021Monday, 26 July 2021, 12:15	5.3 MEDIUM	5 MEDIUM
url-parse is vulnerable to URL Redirection to Untrusted Site
CVE-2021-27515 ↗	Feb 22, 2021Monday, 22 February 2021, 00:15	5.3 MEDIUM	5 MEDIUM
url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path.
CVE-2018-3774 ↗	Aug 12, 2018Sunday, 12 August 2018, 22:29	—	7.5 HIGH
Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol.