CVE-2018-3774

Published: 12 Aug 2018
Source: debian
EPSS: Low

Description

Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol.

Packages

| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| node-url-parse | fixed | 1.2.0-2 | | package |
| node-url-parse | fixed | 1.0.5-2+deb9u1 | stretch | package |

Notes

  • https://hackerone.com/reports/384029

  • https://github.com/unshiftio/url-parse/commit/53b1794e54d0711ceb52505e0f74145270570d5a

  • https://github.com/unshiftio/url-parse/commit/d7b582ec1243e8024e60ac0b62d2569c939ef5de

EPSS

Percentile: 76%
0.00971
Low

Related vulnerabilities

CVSS3: 10
ubuntu
more than 7 years ago

Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol.

CVSS3: 9.8
redhat
more than 7 years ago

Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol.

CVSS3: 10
nvd
more than 7 years ago

Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol.

CVSS3: 10
github
more than 7 years ago

Open Redirect in url-parse
