CVE-2020-8124

Опубликовано: 04 фев. 2020

Источник: debian

EPSS Низкий

Описание

Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
node-url-parse	fixed	1.4.7-1		package
node-url-parse	fixed	1.2.0-2+deb10u1	buster	package
node-url-parse	ignored		stretch	package

Примечания

https://github.com/unshiftio/url-parse/commit/3ecd256f127c3ada36a84d9b8dd3ebd14316274b
https://hackerone.com/reports/496293

EPSS

Процентиль: 17%

0.00055

Низкий

Связанные уязвимости

CVE-2020-8124

CVSS3: 5.3

ubuntu

около 6 лет назад

Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks.

CVE-2020-8124

CVSS3: 5.3

redhat

около 6 лет назад

Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks.

CVE-2020-8124

CVSS3: 5.3

nvd

около 6 лет назад

Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks.

GHSA-46c4-8wrp-j99v

CVSS3: 5.3

github

около 4 лет назад

Improper Validation and Sanitization in url-parse

EPSS

Процентиль: 17%

0.00055

Низкий