GHSA-pv4c-p2j5-38j4

Published: 13 Aug 2018
Source: github
Github: Reviewed
CVSS3: 10

Description

Open Redirect in url-parse

Versions of url-parse before 1.4.3 return the wrong hostname, which could lead to Open Redirect, Server Side Request Forgery (SSRF), or Bypass Authentication Protocol vulnerabilities.

Recommendation

Update to version 1.4.3 or later.

Packages

Name: url-parse (npm)
Affected versions: >= 1.0.0, < 1.4.3
Fixed version: 1.4.3

EPSS

Percentile: 76%
0.00971
Low

10 Critical

CVSS3

Weaknesses

CWE-425

Related vulnerabilities

CVSS3: 10
ubuntu
more than 7 years ago

Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol.

CVSS3: 9.8
redhat
more than 7 years ago

Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol.

CVSS3: 10
nvd
more than 7 years ago

Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol.

CVSS3: 10
debian
more than 7 years ago

Incorrect parsing in url-parse <1.4.3 returns wrong hostname which lea ...
