Vulnerability	Vulnerable Version
M Authorization Bypass Through User-Controlled Key url-parse is a Small footprint URL parser that works seamlessly across Node.js and browser environments. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key due to incorrect conversion of `@` in the protocol field of the HREF. How to fix Authorization Bypass Through User-Controlled Key? Upgrade `url-parse` to version 1.5.7 or higher.	<1.5.7
M Authorization Bypass url-parse is a Small footprint URL parser that works seamlessly across Node.js and browser environments. Affected versions of this package are vulnerable to Authorization Bypass via the `hostname` field of a parsed URL, because "url-parse" is unable to find the correct hostname when no port number is provided in the URL. How to fix Authorization Bypass? Upgrade `url-parse` to version 1.5.8 or higher.	<1.5.8
H Improper Input Validation url-parse is a Small footprint URL parser that works seamlessly across Node.js and browser environments. Affected versions of this package are vulnerable to Improper Input Validation due to improper fix of CVE-2020-8124 , it is possible to be exploited via the `\b` (backspace) character. How to fix Improper Input Validation? Upgrade `url-parse` to version 1.5.9 or higher.	<1.5.9
M Access Restriction Bypass url-parse is a Small footprint URL parser that works seamlessly across Node.js and browser environments. Affected versions of this package are vulnerable to Access Restriction Bypass due to improper parsing process, that may lead to incorrect handling of authentication credentials and hostname, which allows bypass of hostname validation. How to fix Access Restriction Bypass? Upgrade `url-parse` to version 1.5.6 or higher.	<1.5.6

Go back to all versions of this package