CVE-2018-3774

Опубликовано: 30 июл. 2018

Источник: redhat

CVSS3: 9.8

Описание

Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol.

A flaw was found in nodejs-url-parse. The wrong hostname can be returned, due to incorrect parsing, which can lead to a variety of vulnerabilities. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Ссылки на источники

Дополнительная информация

Статус:

Important

Дефект:

CWE-20

https://bugzilla.redhat.com/show_bug.cgi?id=1940759nodejs-url-parse: incorrect hostname in url parsing

9.8 Critical

CVSS3

Связанные уязвимости

CVE-2018-3774

CVSS3: 10

ubuntu

больше 7 лет назад

Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol.

CVE-2018-3774

CVSS3: 10

nvd

больше 7 лет назад

Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol.

CVE-2018-3774

CVSS3: 10

debian

больше 7 лет назад

Incorrect parsing in url-parse <1.4.3 returns wrong hostname which lea ...

GHSA-pv4c-p2j5-38j4

CVSS3: 10

github

больше 7 лет назад

Open Redirect in url-parse

9.8 Critical

CVSS3