url-parse
npm | 8 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting url-parse (page 1 of 1)
- CVE-2018-3774 | CRITICAL | CVSS 10.0 | EG 10.0 | ✓ Fixed in 1.4.3 | 2018-08-12
Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol.
- CVE-2020-8124 | MEDIUM | CVSS 5.3 | EG 5.3 | ✓ Fixed in 1.4.5 | 2020-02-04
Insufficient validation and sanitization of user input in url-parse npm package version 1.4.4 and earlier may allow an attacker to bypass security checks.
- CVE-2021-27515 | MEDIUM | CVSS 5.3 | EG 5.3 | ✓ Fixed in 1.5.0 | 2021-02-22
url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path.
- CVE-2021-3664 | MEDIUM | CVSS 5.3 | EG 5.3 | ✓ Fixed in 1.5.2 | 2021-07-26
url-parse is vulnerable to URL Redirection to Untrusted Site.
- CVE-2022-0512 | MEDIUM | CVSS 5.3 | EG 5.3 | ✓ Fixed in 1.5.6 | 2022-02-14
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6.
- CVE-2022-0639 | MEDIUM | CVSS 5.3 | EG 5.3 | ✓ Fixed in 1.5.7 | 2022-02-17
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7.
- CVE-2022-0686 | CRITICAL | CVSS 9.1 | EG 9.1 | ✓ Fixed in 1.5.8 | 2022-02-20
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8.
- CVE-2022-0691 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 1.5.9 | 2022-02-21
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.9.