org.webjars.bowergithub.unshiftio:url-parse 1.4.3 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.webjars.bowergithub.unshiftio:url-parse package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
M Authorization Bypass Through User-Controlled Key org.webjars.bowergithub.unshiftio:url-parse is a Small footprint URL parser that works seamlessly across Node.js and browser environments. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key due to incorrect conversion of `@` in the protocol field of the HREF. How to fix Authorization Bypass Through User-Controlled Key? There is no fixed version for `org.webjars.bowergithub.unshiftio:url-parse`.	[0,)
M Access Restriction Bypass org.webjars.bowergithub.unshiftio:url-parse is a Small footprint URL parser that works seamlessly across Node.js and browser environments. Affected versions of this package are vulnerable to Access Restriction Bypass due to improper parsing process, that may lead to incorrect handling of authentication credentials and hostname, which allows bypass of hostname validation. How to fix Access Restriction Bypass? There is no fixed version for `org.webjars.bowergithub.unshiftio:url-parse`.	[0,)
M Improper Input Validation org.webjars.bowergithub.unshiftio:url-parse is a Small footprint URL parser that works seamlessly across Node.js and browser environments. Affected versions of this package are vulnerable to Improper Input Validation. It mishandles certain uses of backslash such as `http:\/` and interprets the URI as a relative path. How to fix Improper Input Validation? There is no fixed version for `org.webjars.bowergithub.unshiftio:url-parse`.	[0,)
H Improper Input Validation org.webjars.bowergithub.unshiftio:url-parse is a Small footprint URL parser that works seamlessly across Node.js and browser environments. Affected versions of this package are vulnerable to Improper Input Validation. When using `url-parse` in the browser the protocol of the URL returned by the parser is not validated correctly. In the Node.js environment strings like, `javascript:` return empty strings on the resulting URL object, but in the browser `document.location.protocol` is used when the provided URL doesn't match the validation expression `/^([a-z][a-z0-9.+-]:)?(\/\/)?([\S\s])/i`. How to fix Improper Input Validation? There is no fixed version for `org.webjars.bowergithub.unshiftio:url-parse`.	[0,)

Vulnerability

Vulnerable Version

Authorization Bypass Through User-Controlled Key

org.webjars.bowergithub.unshiftio:url-parse is a Small footprint URL parser that works seamlessly across Node.js and browser environments.

Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key due to incorrect conversion of @ in the protocol field of the HREF.

How to fix Authorization Bypass Through User-Controlled Key?

There is no fixed version for org.webjars.bowergithub.unshiftio:url-parse.

[0,)

Access Restriction Bypass

org.webjars.bowergithub.unshiftio:url-parse is a Small footprint URL parser that works seamlessly across Node.js and browser environments.

Affected versions of this package are vulnerable to Access Restriction Bypass due to improper parsing process, that may lead to incorrect handling of authentication credentials and hostname, which allows bypass of hostname validation.

How to fix Access Restriction Bypass?

There is no fixed version for org.webjars.bowergithub.unshiftio:url-parse.

[0,)

Improper Input Validation

org.webjars.bowergithub.unshiftio:url-parse is a Small footprint URL parser that works seamlessly across Node.js and browser environments.

Affected versions of this package are vulnerable to Improper Input Validation. It mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path.

How to fix Improper Input Validation?

There is no fixed version for org.webjars.bowergithub.unshiftio:url-parse.

[0,)

Improper Input Validation

org.webjars.bowergithub.unshiftio:url-parse is a Small footprint URL parser that works seamlessly across Node.js and browser environments.

Affected versions of this package are vulnerable to Improper Input Validation. When using url-parse in the browser the protocol of the URL returned by the parser is not validated correctly. In the Node.js environment strings like, javascript: return empty strings on the resulting URL object, but in the browser document.location.protocol is used when the provided URL doesn't match the validation expression /^([a-z][a-z0-9.+-]*:)?(\/\/)?([\S\s]*)/i.

How to fix Improper Input Validation?

There is no fixed version for org.webjars.bowergithub.unshiftio:url-parse.

[0,)

org.webjars.bowergithub.unshiftio:url-parse@1.4.3 vulnerabilities

latest version

first published

latest version published

licenses detected

package manager

Direct Vulnerabilities

How to fix?