unshiftio/url-parse

unshiftio/url-parse

Releases49
Frequency1 month 3 weeks
Last Release
Stars1.04K
Small footprint URL parser that works seamlessly across Node.js and browser environments.

CVE History

CVEAffectedPublishedCVSS v3CVSS v2
< 1.5.99.8 CRITICAL7.5 HIGH

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.9.

< 1.5.89.1 CRITICAL6.4 MEDIUM

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8.

< 1.5.75.3 MEDIUM5 MEDIUM

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7.

< 1.5.65.3 MEDIUM5 MEDIUM

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6.

< 1.5.25.3 MEDIUM5 MEDIUM

url-parse is vulnerable to URL Redirection to Untrusted Site

< 1.5.05.3 MEDIUM5 MEDIUM

url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path.

<= 1.4.45.3 MEDIUM5 MEDIUM

Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks.

< 1.4.37.5 HIGH

Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol.