itsKedar / TodoList_mern

CX: CVE-2022-0691 in Npm-url-parse and 1.5.1 @ TodoList_mern.main #10

Open itsKedar opened 2 years ago

itsKedar commented 2 years ago

Description

Authorization Bypass through User-Controlled Key in NPM url-parse versions 1.4.5 through 1.5.8. Bypasses "https://hackerone.com/reports/496293" via "\b" (backspace) character.

HIGH Vulnerable Package issue exists @ url-parse in branch main

Vulnerability ID: CVE-2022-0691

Package Name: url-parse

Severity: HIGH

CVSS Score: 9.8

Publish Date: 2022-02-21T09:15:00

Current Package Version: 1.5.1

Remediation Upgrade Recommendation: 1.5.9

Link To SCA

Reference – NVD link

itsKedar commented 2 years ago

Issue still exists.

itsKedar commented 2 years ago

Issue still exists.

itsKedar commented 2 years ago

Issue still exists.