| Release | Version |
|---|---|
| stretch | 1.0.5-2+deb9u1 |
| buster | 1.2.0-2+deb10u1 |
| bullseye | 1.5.3-1 |
| bookworm | 1.5.3-1 |
| sid | 1.5.3-1 |
| Bug | stretch | buster | bullseye | bookworm | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2021-27515 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | url-parse before 1.5.0 mishandles certain uses of backslash such as ht ... |
| CVE-2021-3664 | vulnerable | vulnerable (no DSA) | fixed | fixed | fixed | url-parse is vulnerable to URL Redirection to Untrusted Site ... |
| CVE-2020-8124 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | Insufficient validation and sanitization of user input exists in url-p ... |
| Bug | Description |
|---|---|
| CVE-2018-3774 | Incorrect parsing in url-parse <1.4.3 returns wrong hostname which ... |