| Release | Version |
|---|---|
| stretch | 1.0.5-2+deb9u1 |
| buster | 1.2.0-2+deb10u1 |
| bullseye | 1.4.7+repack-2 |
| sid | 1.4.7+repack-2 |
| Bug | stretch | buster | bullseye | sid | Description |
|---|---|---|---|---|---|
| CVE-2021-27515 | vulnerable | vulnerable | vulnerable | vulnerable | url-parse before 1.5.0 mishandles certain uses of backslash such as ht ... |
| CVE-2020-8124 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | Insufficient validation and sanitization of user input exists in url-p ... |
| Bug | Description |
|---|---|
| CVE-2018-3774 | Incorrect parsing in url-parse <1.4.3 returns wrong hostname which ... |