EPSS
Percentile
28.9%
url-js is vulnerable to improper input validation. The vulnerability exists in parseUrl function in parseUrl.js because the inputs are not parsed properly which allows an attacker to perform host name spoofing.
parseUrl
parseUrl.js
github.com/advisories/GHSA-rf54-44jr-q5vf
github.com/duzun/URL.js/commit/9dc9fcc99baa4cbda24403d81a589e9b0f4121d0