CVE-2022-0624: Authorization Bypass Through User-Controlled Key
Authorization Bypass Through User-Controlled Key in GitHub repository ionicabizau/parse-path prior to 5.0.0. parse-path is unable to detect the right resource. When parsing the URL http://127.0.0.1#@example.com, parse-path reports the host/resource as example.com, whereas the actual resource is 127.0.0.1.
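The disagreement described above, reproduced as an added example (not code from parse-path or from this advisory), alongside a host allowlist check built on the WHATWG URL parser. The names naiveHost, actualHost, isAllowed and parsersDisagree are hypothetical; naiveHost is a simplified parser constructed to show this class of confusion and is not parse-path's source.

```javascript
// Added example. naiveHost() is a hypothetical, simplified parser written for
// this illustration; it is NOT parse-path's code.

// Naive approach: treat everything after the last "@" as the host.
function naiveHost(input) {
  const rest = input.replace(/^[a-z][a-z0-9+.-]*:\/\//i, "");
  const afterAt = rest.includes("@") ? rest.slice(rest.lastIndexOf("@") + 1) : rest;
  return afterAt.split(/[/?#:]/)[0].toLowerCase();
}

// Standards-based approach: the authority ends at the first "/", "?" or "#",
// so an "@" that appears inside the fragment is never a userinfo delimiter.
function actualHost(input) {
  return new URL(input).hostname;
}

// Allowlist decision made on the host a client will actually connect to.
// URLs with userinfo, unparsable input and non-HTTP schemes are refused.
function isAllowed(input, allowedHosts) {
  let u;
  try { u = new URL(input); } catch { return false; }
  if (u.protocol !== "http:" && u.protocol !== "https:") return false;
  if (u.username || u.password) return false;
  return allowedHosts.has(u.hostname);
}

// Review aid: flag inputs on which the two parsers disagree about the host.
function parsersDisagree(input) {
  try { return naiveHost(input) !== actualHost(input); } catch { return true; }
}

// Constructed sample inputs; the first is the URL quoted in the advisory.
const samples = [
  "http://127.0.0.1#@example.com",
  "http://example.com/path",
  "http://user@example.com/",
];
const allow = new Set(["example.com"]);
for (const s of samples) {
  console.log(s, {
    naive: naiveHost(s),
    actual: actualHost(s),
    disagree: parsersDisagree(s),
    allowed: isAllowed(s, allow),
  });
}
```
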