Description

Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks.

Remediation

References

https://hackerone.com/reports/496293

Related Vulnerabilities

CVE-2020-35199 Vulnerability in maven package org.igniterealtime.openfire.plugins:bookmarks

CVE-2023-27096 Vulnerability in maven package cn.hippo4j:hippo4j-all

CVE-2022-27952 Vulnerability in npm package payload

CVE-2019-10808 Vulnerability in npm package utilitify

CVE-2020-28168 Vulnerability in maven package org.webjars.npm:axios

Severity

Medium

Classification

CWE-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Exploit Third Party Advisory