Homepage

org.webjars.npm:url-parse@1.4.1 vulnerabilities

  • latest version

    1.5.10

  • latest non vulnerable version

    1.5.10

  • first published

    8 years ago

  • latest version published

    2 years ago

  • licenses detected

  • package manager

    View on Maven Repository
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the org.webjars.npm:url-parse package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Authorization Bypass Through User-Controlled Key

    org.webjars.npm:url-parse is a Small footprint URL parser that works seamlessly across Node.js and browser environments.

    Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key due to incorrect conversion of @ in the protocol field of the HREF.

    How to fix Authorization Bypass Through User-Controlled Key?

    Upgrade org.webjars.npm:url-parse to version 1.5.8 or higher.

    [,1.5.8)
    • M
    Authorization Bypass

    org.webjars.npm:url-parse is a Small footprint URL parser that works seamlessly across Node.js and browser environments.

    Affected versions of this package are vulnerable to Authorization Bypass via the hostname field of a parsed URL, because "url-parse" is unable to find the correct hostname when no port number is provided in the URL.

    How to fix Authorization Bypass?

    Upgrade org.webjars.npm:url-parse to version 1.5.8 or higher.

    [,1.5.8)
    • H
    Improper Input Validation

    org.webjars.npm:url-parse is a Small footprint URL parser that works seamlessly across Node.js and browser environments.

    Affected versions of this package are vulnerable to Improper Input Validation due to improper fix of CVE-2020-8124 , it is possible to be exploited via the \b (backspace) character.

    How to fix Improper Input Validation?

    Upgrade org.webjars.npm:url-parse to version 1.5.9 or higher.

    [,1.5.9)
    • M
    Access Restriction Bypass

    org.webjars.npm:url-parse is a Small footprint URL parser that works seamlessly across Node.js and browser environments.

    Affected versions of this package are vulnerable to Access Restriction Bypass due to improper parsing process, that may lead to incorrect handling of authentication credentials and hostname, which allows bypass of hostname validation.

    How to fix Access Restriction Bypass?

    Upgrade org.webjars.npm:url-parse to version 1.5.8 or higher.

    [,1.5.8)
    • M
    Open Redirect

    org.webjars.npm:url-parse is a Small footprint URL parser that works seamlessly across Node.js and browser environments.

    Affected versions of this package are vulnerable to Open Redirect due to improper escaping of slash characters.

    How to fix Open Redirect?

    Upgrade org.webjars.npm:url-parse to version 1.5.2 or higher.

    [,1.5.2)
    • M
    Improper Input Validation

    org.webjars.npm:url-parse is a Small footprint URL parser that works seamlessly across Node.js and browser environments.

    Affected versions of this package are vulnerable to Improper Input Validation. It mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path.

    How to fix Improper Input Validation?

    Upgrade org.webjars.npm:url-parse to version 1.5.0 or higher.

    [,1.5.0)
    • H
    Improper Input Validation

    org.webjars.npm:url-parse is a Small footprint URL parser that works seamlessly across Node.js and browser environments.

    Affected versions of this package are vulnerable to Improper Input Validation. When using url-parse in the browser the protocol of the URL returned by the parser is not validated correctly. In the Node.js environment strings like, javascript: return empty strings on the resulting URL object, but in the browser document.location.protocol is used when the provided URL doesn't match the validation expression /^([a-z][a-z0-9.+-]*:)?(\/\/)?([\S\s]*)/i.

    How to fix Improper Input Validation?

    Upgrade org.webjars.npm:url-parse to version 1.4.6 or higher.

    [,1.4.6)
    • H
    Open Redirect

    org.webjars.npm:url-parse is a Small footprint URL parser that works seamlessly across Node.js and browser environments.

    Affected versions of this package are vulnerable to Open Redirect, Server Side Request Forgery (SSRF) and Bypass Authentication Protocol due to returning wrong hostname.

    How to fix Open Redirect?

    Upgrade org.webjars.npm:url-parse to version 1.4.3 or higher.

    [,1.4.3)
    Go back to all versions of this package