Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports

Toggle filters

1 – 8 of 8 results

CVE-2022-0691

Medium priority

Some fixes available 3 of 4

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.9.

1 affected packages

node-url-parse

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
node-url-parse Not affected Fixed Fixed Fixed
Show less packages

CVE-2022-0686

Medium priority

Some fixes available 3 of 7

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8.

1 affected packages

node-url-parse

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
node-url-parse Needs evaluation Not affected Fixed Fixed Fixed
Show less packages

CVE-2022-0639

Medium priority

Some fixes available 3 of 4

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7.

1 affected packages

node-url-parse

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
node-url-parse Not affected Fixed Fixed Fixed
Show less packages

CVE-2022-0512

Medium priority

Some fixes available 3 of 7

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6.

1 affected packages

node-url-parse

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
node-url-parse Needs evaluation Not affected Fixed Fixed Fixed
Show less packages

CVE-2021-3664

Low priority

Some fixes available 3 of 8

url-parse is vulnerable to URL Redirection to Untrusted Site

1 affected packages

node-url-parse

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
node-url-parse Needs evaluation Not affected Fixed Fixed Fixed
Show less packages

CVE-2021-27515

Low priority

Some fixes available 3 of 9

url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path.

1 affected packages

node-url-parse

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
node-url-parse Needs evaluation Not affected Fixed Fixed Fixed
Show less packages

CVE-2020-8124

Medium priority

Some fixes available 2 of 5

Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks.

1 affected packages

node-url-parse

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
node-url-parse Not affected Not affected Fixed Fixed
Show less packages

CVE-2018-3774

Medium priority

Some fixes available 2 of 11

Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol.

1 affected packages

node-url-parse

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
node-url-parse Needs evaluation Not affected Not affected Fixed Fixed
Show less packages