CVE-2020-8124

Опубликовано: 04 фев. 2020

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks.

Ссылки

https://hackerone.com/reports/496293
Exploit
Third Party Advisory
https://hackerone.com/reports/496293
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:url-parse_project:url-parse:*:*:*:*:*:node.js:*:*

Версия до 1.4.4 (включая)

EPSS

Процентиль: 17%

0.00055

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

CVE-2020-8124

CVSS3: 5.3

ubuntu

около 6 лет назад

Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks.

CVE-2020-8124

CVSS3: 5.3

redhat

около 6 лет назад

Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks.

CVE-2020-8124

CVSS3: 5.3

debian

около 6 лет назад

Insufficient validation and sanitization of user input exists in url-p ...

GHSA-46c4-8wrp-j99v

CVSS3: 5.3

github

около 4 лет назад

Improper Validation and Sanitization in url-parse

EPSS

Процентиль: 17%

0.00055

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-20