Severity: high

Open Redirect

url-parse

Overview

Versions of url-parse before 1.4.3 return the wrong hostname, which could lead to Open Redirect, Server Side Request Forgery (SSRF), or Bypass Authentication Protocol vulnerabilities.

Remediation

Update to version 1.4.3 or later.


Advisory timeline

  1. Created: 2018-08-02T15:02:33.364Z
  2. Updated: 2018-08-06T15:29:43.613Z