Release | Version |
---|---|
stretch | 1.0.5-2+deb9u1 |
buster | 1.2.0-2+deb10u1 |
bullseye | 1.4.7+repack-2 |
sid | 1.4.7+repack-2 |
Bug | stretch | buster | bullseye | sid | Description |
---|---|---|---|---|---|
CVE-2021-27515 | vulnerable | vulnerable | vulnerable | vulnerable | url-parse before 1.5.0 mishandles certain uses of backslash such as ht ... |
CVE-2020-8124 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | Insufficient validation and sanitization of user input exists in url-p ... |
Bug | Description |
---|---|
CVE-2018-3774 | Incorrect parsing in url-parse <1.4.3 returns wrong hostname which ... |