CVE-2022-0639

Опубликовано: 17 фев. 2022

Источник: nvd

CVSS3: 6.5

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7.

Ссылки

https://github.com/unshiftio/url-parse/commit/ef45a1355375a8244063793a19059b4f62fc8788
Patch
Third Party Advisory
https://huntr.dev/bounties/83a6bc9a-b542-4a38-82cd-d995a1481155
Exploit
Issue Tracking
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/02/msg00030.html
https://github.com/unshiftio/url-parse/commit/ef45a1355375a8244063793a19059b4f62fc8788
Patch
Third Party Advisory
https://huntr.dev/bounties/83a6bc9a-b542-4a38-82cd-d995a1481155
Exploit
Issue Tracking
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/02/msg00030.html
https://lists.debian.org/debian-lts-announce/2025/12/msg00024.html

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:url-parse_project:url-parse:*:*:*:*:*:node.js:*:*

Версия до 1.5.7 (исключая)

EPSS

Процентиль: 6%

0.00025

Низкий

6.5 Medium

CVSS3

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-639

Связанные уязвимости

CVE-2022-0639

CVSS3: 5.3

ubuntu

почти 4 года назад

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7.

CVE-2022-0639

CVSS3: 6.2

redhat

почти 4 года назад

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7.

CVE-2022-0639

CVSS3: 5.3

debian

почти 4 года назад

Authorization Bypass Through User-Controlled Key in NPM url-parse prio ...

GHSA-8v38-pw62-9cw2

CVSS3: 6.5

github

почти 4 года назад

url-parse Incorrectly parses URLs that include an '@'

EPSS

Процентиль: 6%

0.00025

Низкий

6.5 Medium

CVSS3

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-639