Description
Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks.
Remediation
References
https://hackerone.com/reports/496293
Related Vulnerabilities
CVE-2019-9154 Vulnerability in npm package openpgp
CVE-2017-16222 Vulnerability in npm package elding
CVE-2023-39022 Vulnerability in maven package opensymphony:oscore
CVE-2022-33891 Vulnerability in maven package org.apache.spark:spark-core_2.12
CVE-2022-25767 Vulnerability in maven package com.bstek.ureport:ureport2-console