CVE-2021-27515

Опубликовано: 22 фев. 2021

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

url-parse before 1.5.0 mishandles certain uses of backslash such as http:/ and interprets the URI as a relative path.

Ссылки

https://advisory.checkmarx.net/advisory/CX-2021-4306
Exploit
Third Party Advisory
https://github.com/unshiftio/url-parse/commit/d1e7e8822f26e8a49794b757123b51386325b2b0
Patch
Third Party Advisory
https://github.com/unshiftio/url-parse/compare/1.4.7...1.5.0
Patch
Third Party Advisory
https://github.com/unshiftio/url-parse/pull/197
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/02/msg00030.html
https://advisory.checkmarx.net/advisory/CX-2021-4306
Exploit
Third Party Advisory
https://github.com/unshiftio/url-parse/commit/d1e7e8822f26e8a49794b757123b51386325b2b0
Patch
Third Party Advisory
https://github.com/unshiftio/url-parse/compare/1.4.7...1.5.0
Patch
Third Party Advisory
https://github.com/unshiftio/url-parse/pull/197
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/02/msg00030.html

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:url-parse_project:url-parse:*:*:*:*:*:node.js:*:*

Версия до 1.5.0 (исключая)

EPSS

Процентиль: 41%

0.00188

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

CVE-2021-27515

CVSS3: 5.3

ubuntu

почти 5 лет назад

url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path.

CVE-2021-27515

CVSS3: 5.3

redhat

почти 5 лет назад

url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path.

CVE-2021-27515

CVSS3: 5.3

debian

почти 5 лет назад

url-parse before 1.5.0 mishandles certain uses of backslash such as ht ...

GHSA-9m6j-fcg5-2442

CVSS3: 5.3

github

почти 5 лет назад

Path traversal in url-parse

EPSS

Процентиль: 41%

0.00188

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo