Release | Version |
---|---|
buster | 1.2.0-2+deb10u1 |
buster (security) | 1.2.0-2+deb10u2 |
bullseye | 1.5.3-1+deb11u1 |
bookworm | 1.5.10+~1.4.8-2 |
trixie | 1.5.10+~1.4.8-3 |
sid | 1.5.10+~1.4.8-3 |
Bug | buster | bullseye | bookworm | trixie | sid | Description |
---|---|---|---|---|---|---|
CVE-2022-0639 | fixed | vulnerable (no DSA) | fixed | fixed | fixed | Authorization Bypass Through User-Controlled Key in NPM url-parse prio ... |
CVE-2022-0512 | fixed | vulnerable (no DSA) | fixed | fixed | fixed | Authorization Bypass Through User-Controlled Key in NPM url-parse prio ... |
Bug | Description |
---|---|
CVE-2022-0691 | Authorization Bypass Through User-Controlled Key in NPM url-parse prio ... |
CVE-2022-0686 | Authorization Bypass Through User-Controlled Key in NPM url-parse prio ... |
CVE-2021-27515 | url-parse before 1.5.0 mishandles certain uses of backslash such as ht ... |
CVE-2021-3664 | url-parse is vulnerable to URL Redirection to Untrusted Site |
CVE-2020-8124 | Insufficient validation and sanitization of user input exists in url-p ... |
CVE-2018-3774 | Incorrect parsing in url-parse <1.4.3 returns wrong hostname which lea ... |
DSA / DLA | Description |
---|---|
DLA-3336-1 | node-url-parse - security update |