Find, fix and prevent vulnerabilities in your code.
high severity
- Vulnerable module: url-parse
- Introduced through: amqplib@0.5.6
Detailed paths
-
Introduced through: seneca-amqp-transport@senecajs/seneca-amqp-transport#649a62eb16df995bcde723d367f4008454903eb2 › amqplib@0.5.6 › url-parse@1.4.7Remediation: Upgrade to amqplib@0.7.1.
Overview
url-parse is a Small footprint URL parser that works seamlessly across Node.js and browser environments.
Affected versions of this package are vulnerable to Improper Input Validation due to improper fix of CVE-2020-8124 , it is possible to be exploited via the \b (backspace) character.
PoC:
const parse = require('./index.js')
url = parse('\bhttp://google.com')
console.log(url)
Output:
{
slashes: false,
protocol: '',
hash: '',
query: '',
pathname: '\bhttp://google.com',
auth: '',
host: '',
port: '',
hostname: '',
password: '',
username: '',
origin: 'null',
href: '\bhttp://google.com'
}
Remediation
Upgrade url-parse to version 1.5.9 or higher.
References
medium severity
- Vulnerable module: url-parse
- Introduced through: amqplib@0.5.6
Detailed paths
-
Introduced through: seneca-amqp-transport@senecajs/seneca-amqp-transport#649a62eb16df995bcde723d367f4008454903eb2 › amqplib@0.5.6 › url-parse@1.4.7Remediation: Upgrade to amqplib@0.7.1.
Overview
url-parse is a Small footprint URL parser that works seamlessly across Node.js and browser environments.
Affected versions of this package are vulnerable to Access Restriction Bypass due to improper parsing process, that may lead to incorrect handling of authentication credentials and hostname, which allows bypass of hostname validation.
PoC:
// PoC.js
var parse = require('url-parse')
var cc=parse("http://admin:password123@@127.0.0.1")
//Output:
{ slashes: true,
protocol: 'http:',
hash: '',
query: '',
pathname: '/',
auth: 'admin:password123',
host: '@127.0.0.1',
port: '',
hostname: '@127.0.0.1',
password: 'password123',
username: 'admin',
origin: 'http://@127.0.0.1',
href: 'http://admin:password123@@127.0.0.1/' }
Remediation
Upgrade url-parse to version 1.5.6 or higher.
References
medium severity
- Vulnerable module: url-parse
- Introduced through: amqplib@0.5.6
Detailed paths
-
Introduced through: seneca-amqp-transport@senecajs/seneca-amqp-transport#649a62eb16df995bcde723d367f4008454903eb2 › amqplib@0.5.6 › url-parse@1.4.7Remediation: Upgrade to amqplib@0.7.1.
Overview
url-parse is a Small footprint URL parser that works seamlessly across Node.js and browser environments.
Affected versions of this package are vulnerable to Authorization Bypass via the hostname field of a parsed URL, because "url-parse" is unable to find the correct hostname when no port number is provided in the URL.
PoC:
var Url = require('url-parse');
var PAYLOAD = "http://example.com:";
console.log(Url(PAYLOAD));
// Expected hostname: example.com
// Actual hostname by url-parse: example.com:
Output:
{
slashes: true,
protocol: 'http:',
hash: '',
query: '',
pathname: '/',
auth: '',
host: 'example.com:',
port: '',
hostname: 'example.com:',
password: '',
username: '',
origin: 'http://example.com:',
href: 'http://example.com:/'
}
Remediation
Upgrade url-parse to version 1.5.8 or higher.
References
medium severity
- Vulnerable module: url-parse
- Introduced through: amqplib@0.5.6
Detailed paths
-
Introduced through: seneca-amqp-transport@senecajs/seneca-amqp-transport#649a62eb16df995bcde723d367f4008454903eb2 › amqplib@0.5.6 › url-parse@1.4.7Remediation: Upgrade to amqplib@0.7.1.
Overview
url-parse is a Small footprint URL parser that works seamlessly across Node.js and browser environments.
Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key due to incorrect conversion of @ in the protocol field of the HREF.
PoC:
parse = require('url-parse')
console.log(parse("http:@/127.0.0.1"))
Output:
{
slashes: true,
protocol: 'http:',
hash: '',
query: '',
pathname: '/127.0.0.1',
auth: '',
host: '',
port: '',
hostname: '',
password: '',
username: '',
origin: 'null',
href: 'http:///127.0.0.1'
}
Remediation
Upgrade url-parse to version 1.5.7 or higher.
References
medium severity
- Vulnerable module: url-parse
- Introduced through: amqplib@0.5.6
Detailed paths
-
Introduced through: seneca-amqp-transport@senecajs/seneca-amqp-transport#649a62eb16df995bcde723d367f4008454903eb2 › amqplib@0.5.6 › url-parse@1.4.7Remediation: Upgrade to amqplib@0.7.1.
Overview
url-parse is a Small footprint URL parser that works seamlessly across Node.js and browser environments.
Affected versions of this package are vulnerable to Improper Input Validation. It mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path.
Remediation
Upgrade url-parse to version 1.5.0 or higher.
References
medium severity
- Vulnerable module: url-parse
- Introduced through: amqplib@0.5.6
Detailed paths
-
Introduced through: seneca-amqp-transport@senecajs/seneca-amqp-transport#649a62eb16df995bcde723d367f4008454903eb2 › amqplib@0.5.6 › url-parse@1.4.7Remediation: Upgrade to amqplib@0.7.1.
Overview
url-parse is a Small footprint URL parser that works seamlessly across Node.js and browser environments.
Affected versions of this package are vulnerable to Open Redirect due to improper escaping of slash characters.
Remediation
Upgrade url-parse to version 1.5.2 or higher.