Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol.
10CVSS
9.5AI Score
0.003EPSS
Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks.
5.3CVSS
5.4AI Score
0.001EPSS
url-parse before 1.5.0 mishandles certain uses of backslash such as http:/ and interprets the URI as a relative path.
5.3CVSS
5.4AI Score
0.002EPSS
5.3CVSS
5.3AI Score
0.001EPSS
5.3CVSS
5.3AI Score
0.001EPSS
5.3CVSS
5.3AI Score
0.001EPSS
9.1CVSS
8.9AI Score
0.002EPSS
9.8CVSS
9.1AI Score
0.004EPSS