Url-parse Project Url-parse — known CVE vulnerabilities
Every CVE whose affected-product data names Url-parse Project Url-parse, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2018-3774 — CVSS 10.0 (critical): Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass…
CVE-2021-27515 — CVSS 5.3 (medium): url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path.
CVE-2020-8124 — CVSS 5.3 (medium): Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to…