Authorization Bypass Through User-Controlled Key
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.9.
Advisories for Npm/Url-Parse package
2022
Authorization Bypass Through User-Controlled Key
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8.
Authorization Bypass Through User-Controlled Key
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7.
Authorization Bypass Through User-Controlled Key
An authorization bypass through a user-controlled key was found in url-parse.
2021
URL Redirection to Untrusted Site (Open Redirect)
url-parse is vulnerable to URL Redirection to Untrusted Site
Improper Neutralization
url-parse mishandles certain uses of backslash such as http:/ and interprets the URI as a relative path.
2020
Improper Input Validation
Insufficient validation and sanitization of user input exists in url-parse npm package may allow attacker to bypass security checks.
2018
URL Redirection to Untrusted Site (Open Redirect)
Incorrect parsing in url-parse returns the wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol.