Description
Path traversal in url-parse
url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path.
References
- https://nvd.nist.gov/vuln/detail/CVE-2021-27515
- https://github.com/github/advisory-database/pull/6763
- https://github.com/unshiftio/url-parse/pull/197
- https://github.com/unshiftio/url-parse/commit/d1e7e8822f26e8a49794b757123b51386325b2b0
- https://advisory.checkmarx.net/advisory/CX-2021-4306
- https://github.com/unshiftio/url-parse/compare/1.4.7...1.5.0
- https://lists.debian.org/debian-lts-announce/2023/02/msg00030.html
Packages
Name: url-parse (npm)
Affected versions: >= 0.1.0, < 1.5.0
Fixed version: 1.5.0
Related vulnerabilities
CVSS3: 5.3
ubuntu
almost 5 years ago
url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path.
CVSS3: 5.3
redhat
almost 5 years ago
url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path.
CVSS3: 5.3
nvd
almost 5 years ago
url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path.
CVSS3: 5.3
debian
almost 5 years ago
url-parse before 1.5.0 mishandles certain uses of backslash such as ht ...