CVE-2021-27515

Опубликовано: 22 фев. 2021

Источник: debian

EPSS Низкий

Описание

url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path.

Пакет	Статус	Версия исправления	Релиз	Тип
node-url-parse	fixed	1.5.1-1		package
node-url-parse	end-of-life		stretch	package

https://github.com/unshiftio/url-parse/commit/d1e7e8822f26e8a49794b757123b51386325b2b0 (1.5.0)
https://github.com/unshiftio/url-parse/pull/197

EPSS

Процентиль: 41%

0.00188

Низкий

CVE-2021-27515

CVSS3: 5.3

ubuntu

почти 5 лет назад

url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path.

CVE-2021-27515

CVSS3: 5.3

redhat

почти 5 лет назад

url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path.

CVE-2021-27515

CVSS3: 5.3

nvd

почти 5 лет назад

url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path.

GHSA-9m6j-fcg5-2442

CVSS3: 5.3

github

почти 5 лет назад

Path traversal in url-parse

EPSS

Процентиль: 41%

0.00188

Низкий