Information on source package node-url-parse

Available versions

ReleaseVersion
buster1.2.0-2+deb10u1
buster (security)1.2.0-2+deb10u2
bullseye1.5.3-1+deb11u2
bookworm1.5.10+~1.4.8-2
trixie1.5.10+~1.4.8-3
sid1.5.10+~1.4.8-3

Open issues

BugbusterbullseyebookwormtrixiesidDescription
CVE-2022-0639fixedvulnerable (no DSA)fixedfixedfixedAuthorization Bypass Through User-Controlled Key in NPM url-parse prio ...

Resolved issues

BugDescription
CVE-2022-0691Authorization Bypass Through User-Controlled Key in NPM url-parse prio ...
CVE-2022-0686Authorization Bypass Through User-Controlled Key in NPM url-parse prio ...
CVE-2022-0512Authorization Bypass Through User-Controlled Key in NPM url-parse prio ...
CVE-2021-27515url-parse before 1.5.0 mishandles certain uses of backslash such as ht ...
CVE-2021-3664url-parse is vulnerable to URL Redirection to Untrusted Site
CVE-2020-8124Insufficient validation and sanitization of user input exists in url-p ...
CVE-2018-3774Incorrect parsing in url-parse <1.4.3 returns wrong hostname which lea ...

Security announcements

DSA / DLADescription
DLA-3336-1node-url-parse - security update

Search for package or bug name: Reporting problems