| Release | Version |
|---|---|
| buster | 1.2.0-2+deb10u1 |
| buster (security) | 1.2.0-2+deb10u2 |
| bullseye | 1.5.3-1+deb11u1 |
| bookworm | 1.5.10+~1.4.8-2 |
| trixie | 1.5.10+~1.4.8-3 |
| sid | 1.5.10+~1.4.8-3 |
| Bug | buster | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2022-0639 | fixed | vulnerable (no DSA) | fixed | fixed | fixed | Authorization Bypass Through User-Controlled Key in NPM url-parse prio ... |
| CVE-2022-0512 | fixed | vulnerable (no DSA) | fixed | fixed | fixed | Authorization Bypass Through User-Controlled Key in NPM url-parse prio ... |
| Bug | Description |
|---|---|
| CVE-2022-0691 | Authorization Bypass Through User-Controlled Key in NPM url-parse prio ... |
| CVE-2022-0686 | Authorization Bypass Through User-Controlled Key in NPM url-parse prio ... |
| CVE-2021-27515 | url-parse before 1.5.0 mishandles certain uses of backslash such as ht ... |
| CVE-2021-3664 | url-parse is vulnerable to URL Redirection to Untrusted Site |
| CVE-2020-8124 | Insufficient validation and sanitization of user input exists in url-p ... |
| CVE-2018-3774 | Incorrect parsing in url-parse <1.4.3 returns wrong hostname which lea ... |
| DSA / DLA | Description |
|---|---|
| DLA-3336-1 | node-url-parse - security update |