Description
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7.
Remediation
References
https://github.com/unshiftio/url-parse/commit/ef45a1355375a8244063793a19059b4f62fc8788
https://huntr.dev/bounties/83a6bc9a-b542-4a38-82cd-d995a1481155
https://lists.debian.org/debian-lts-announce/2023/02/msg00030.html
https://lists.debian.org/debian-lts-announce/2025/12/msg00024.html
Related Vulnerabilities
CVE-2022-43430 Vulnerability in maven package com.compuware.jenkins:compuware-topaz-for-total-test
CVE-2018-1999007 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2022-24816 Vulnerability in maven package it.geosolutions.jaiext.jiffle:jt-jiffle-language
CVE-2020-15170 Vulnerability in maven package com.ctrip.framework.apollo:apollo-adminservice
CVE-2019-10241 Vulnerability in maven package org.eclipse.jetty:jetty-util