Severity: high

Open Redirect

url-parse

Overview

Versions of url-parse before 1.4.3 return the wrong hostname, which could lead to Open Redirect, Server-Side Request Forgery (SSRF), or authentication protocol bypass vulnerabilities.

Remediation

Update to version 1.4.3 or later.

Advisory timeline

  1. Created: 2018-08-02T15:02:33.364Z
  2. Updated: 2018-08-06T15:29:43.613Z