url-parse is a Small footprint URL parser that works seamlessly across Node.js and browser environments.
Affected versions of this package are vulnerable to Improper Input Validation. It mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path.
Upgrade url-parse to version 1.5.0 or higher.
Affected versions of this package are vulnerable to Open Redirect due to improper escaping of slash characters.
Upgrade url-parse to version 1.5.2 or higher.