Описание
Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Issue TrackingThird Party Advisory
- Vendor Advisory
- Vendor Advisory
- Issue TrackingThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.4.3 (исключая)
cpe:2.3:o:url-parse_project:url-parse:*:*:*:*:*:*:*:*
EPSS
Процентиль: 76%
0.00971
Низкий
10 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-425
CWE-601
Связанные уязвимости
CVSS3: 10
ubuntu
больше 7 лет назад
Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol.
CVSS3: 9.8
redhat
больше 7 лет назад
Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol.
CVSS3: 10
debian
больше 7 лет назад
Incorrect parsing in url-parse <1.4.3 returns wrong hostname which lea ...
EPSS
Процентиль: 76%
0.00971
Низкий
10 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-425
CWE-601