EPSS
Percentile
30.0%
parse-url is vulnerable to regular expression denial of service. The vulnerability exists due to a lack of input validation which allows an attacker to inject and execute malicious script via URL parameter.
github.com/IonicaBizau/parse-path/blob/6ff86392c3396230912a0790a643e41d8a8a9baa/lib/index.js#L28
github.com/ionicabizau/parse-url/commit/21c72ab9412228eea753e2abc48f8962707b1fe3
huntr.dev/bounties/024912d3-f103-4daf-a1d0-567f4d9f2bf5