Описание
url-parse is vulnerable to URL Redirection to Untrusted Site
An input validation flaw was found in the nodejs url-parse library, which incorrectly parses a URL that contains backslashes. This flaw allows an attacker to specify a relative URL and cause the browser to redirect to a malicious website. The highest threat from this vulnerability is to integrity. Related vulnerability is CVE-2021-27515.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| OpenShift Service Mesh 2.0 | servicemesh-grafana | Affected | ||
| OpenShift Service Mesh 2.0 | servicemesh-prometheus | Affected | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/application-ui-rhel8 | Not affected | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/console-rhel8 | Not affected | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/console-ui-rhel8 | Not affected | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/grc-ui-api-rhel8 | Not affected | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/grc-ui-rhel8 | Not affected | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/kui-web-terminal-rhel8 | Not affected | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/mcm-topology-api-rhel8 | Not affected | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/search-api-rhel8 | Not affected |
Показывать по
10
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-20->CWE-601
https://bugzilla.redhat.com/show_bug.cgi?id=1989389nodejs-url-parse: URL Redirection to Untrusted Site
EPSS
Процентиль: 54%
0.00314
Низкий
5.3 Medium
CVSS3
Связанные уязвимости
CVSS3: 5.3
ubuntu
больше 4 лет назад
url-parse is vulnerable to URL Redirection to Untrusted Site
CVSS3: 5.3
nvd
больше 4 лет назад
url-parse is vulnerable to URL Redirection to Untrusted Site
CVSS3: 5.3
debian
больше 4 лет назад
url-parse is vulnerable to URL Redirection to Untrusted Site
EPSS
Процентиль: 54%
0.00314
Низкий
5.3 Medium
CVSS3