Improper Input Validation in url-parse

Do your applications use this vulnerable package? Test your applications

Overview

url-parse is a Small footprint URL parser that works seamlessly across Node.js and browser environments.

Affected versions of this package are vulnerable to Improper Input Validation. It mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path.

Remediation

Upgrade url-parse to version 1.5.0 or higher.

References

GitHub Commit
GitHub PR

Attack Vector

Network
Attack Complexity

Low
Privileges Required

None
User Interaction

None
Scope

Unchanged
Confidentiality

None
Integrity

None
Availability

Low

Credit: Unknown
CVE: CVE-2021-27515
CWE: CWE-20
Snyk ID: SNYK-JS-URLPARSE-1078283
Disclosed: 22 Feb, 2021
Published: 22 Feb, 2021

Improper Input Validation
Affecting url-parse package, versions <1.5.0

Overview

Remediation

References

CVSS Score

Improper Input Validation Affecting url-parse package, versions <1.5.0

Overview

Remediation

References

Improper Input Validation
Affecting url-parse package, versions <1.5.0