GHSA-pv4c-p2j5-38j4

Suggest an improvement
Source
https://github.com/advisories/GHSA-pv4c-p2j5-38j4
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/08/GHSA-pv4c-p2j5-38j4/GHSA-pv4c-p2j5-38j4.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-pv4c-p2j5-38j4
Aliases
  • CVE-2018-3774
Published
2018-08-13T15:02:15Z
Modified
2023-11-08T04:00:19.754068Z
Severity
  • 10.0 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
Summary
Open Redirect in url-parse
Details

Versions of url-parse before 1.4.3 returns the wrong hostname which could lead to Open Redirect, Server Side Request Forgery (SSRF), or Bypass Authentication Protocol vulnerabilities.

Recommendation

Update to version 1.4.3 or later.

References

Affected packages

npm / url-parse

Package

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.4.3