Authorization Bypass Through User-Controlled Key

maticnetwork / contracts

Smart contracts comprising the business logic of the Matic Network

https://matic.network

GNU General Public License v3.0

1.15k stars 506 forks source link

Authorization Bypass Through User-Controlled Key #459

Open philipjonsen opened 1 year ago

philipjonsen commented 1 year ago

Authorization Bypass Through User-Controlled Key in url-parse url-parse prior to version 1.5.8 is vulnerable to Authorization Bypass Through User-Controlled Key.

https://nvd.nist.gov/vuln/detail/CVE-2022-0686

CVE-2022-0686

Fix, update: "version": "1.5.8",