Nebulous Puffy Marshmallows
url-parse

Open Redirect

Severity: high

Overview

Versions of url-parse before 1.4.3 returns the wrong hostname which could lead to Open Redirect, Server Side Request Forgery (SSRF), or Bypass Authentication Protocol vulnerabilities.

Remediation

Update to version 1.4.3 or later.

Vulnerable versions

0.0.0
4 years ago
0.0.1
4 years ago
0.0.2
4 years ago
0.0.3
4 years ago
0.0.4
4 years ago
0.1.0
4 years ago
0.1.1
4 years ago
0.1.2
4 years ago
0.1.3
4 years ago
0.1.4
4 years ago
0.1.5
4 years ago
0.2.0
4 years ago
0.2.1
4 years ago
0.2.2
4 years ago
0.2.3
4 years ago
1.0.0
4 years ago
1.0.1
3 years ago
1.0.2
3 years ago
1.0.3
3 years ago
1.0.4
3 years ago
1.0.5
3 years ago
1.1.0
2 years ago
1.1.1
2 years ago
1.1.2
2 years ago
1.1.3
2 years ago
1.1.4
2 years ago
1.1.5
2 years ago
1.1.6
2 years ago
1.1.7
2 years ago
1.1.8
2 years ago
1.1.9
a year ago
1.2.0
10 months ago
1.3.0
4 months ago
1.4.0
4 months ago
1.4.1
2 months ago

Unaffected versions

1.4.3
21 days ago

Advisory timeline

  1. Created

    2018-08-02T15:02:33.364Z
  2. Updated

    2018-08-06T15:29:43.613Z