Description
Insufficient validation and sanitization of user input in the url-parse npm package, version 1.4.4 and earlier, may allow an attacker to bypass security checks.
An input validation flaw exists in node.js-url-parse, which results in the URL being incorrectly set to the document location protocol instead of the URL being passed as an argument. An attacker could use this flaw to bypass security checks on URLs.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Distributed Tracing Jaeger 1 | jaeger | Not affected | | |
| OpenShift Service Mesh 1 | grafana | Not affected | | |
| Red Hat Quay 3 | nodejs-url-parse | Will not fix | | |
| Openshift Service Mesh 1.0 | jaeger | Fixed | RHSA-2020:0972 | 25.03.2020 |
| Openshift Service Mesh 1.0 | kiali | Fixed | RHSA-2020:0972 | 25.03.2020 |
Additional information
Status:
EPSS
CVSS3: 5.3 Medium
Related vulnerabilities
Improper Validation and Sanitization in url-parse