Description
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6.
An authorization bypass vulnerability was found in nodejs-url-parse. This flaw allows a remote attacker with a basic user account to evade hostname verification by inserting the at symbol "@" at the end of the password field. This issue can allow entry to systems designed to block remote access and may not have additional defenses.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Quay 3 | quay/quay-rhel8 | Affected | | |
| Red Hat Migration Toolkit for Containers 1.7 | rhmtc/openshift-migration-ui-rhel8 | Fixed | RHSA-2022:6429 | 13.09.2022 |
Additional information
Status:
Important
Defect:
CWE-639
https://bugzilla.redhat.com/show_bug.cgi?id=2054663 nodejs-url-parse: authorization bypass through user-controlled key
8.8 High
CVSS3
Related vulnerabilities
CVSS3: 5.3
ubuntu
almost 4 years ago
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6.
CVSS3: 5.3
nvd
almost 4 years ago
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6.
CVSS3: 5.3
debian
almost 4 years ago
Authorization Bypass Through User-Controlled Key in NPM url-parse prio ...