Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
12 vulnerabilities found for ionicabizau/parse-url by ionicabizau
CVE-2022-3224 (GCVE-0-2022-3224)
Vulnerability from cvelistv5 – Published: 2022-09-15 11:30 – Updated: 2024-08-03 01:00
VLAI
Title
Misinterpretation of Input in ionicabizau/parse-url
Summary
Misinterpretation of Input in GitHub repository ionicabizau/parse-url prior to 8.1.0.
Severity
9.4 (Critical)
CWE
- CWE-115 - Misinterpretation of Input
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/3587a567-7fcd-4702-b7c… | x_refsource_CONFIRM |
| https://github.com/ionicabizau/parse-url/commit/9… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ionicabizau | ionicabizau/parse-url |
Affected:
unspecified , < 8.1.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:00:10.594Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/3587a567-7fcd-4702-b7c9-d9ca565e3c62"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ionicabizau/parse-url/commit/9cacf38de02db0fb1358bd6ec04543e523cd6a8e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ionicabizau/parse-url",
"vendor": "ionicabizau",
"versions": [
{
"lessThan": "8.1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Misinterpretation of Input in GitHub repository ionicabizau/parse-url prior to 8.1.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-115",
"description": "CWE-115 Misinterpretation of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-15T11:30:12.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/3587a567-7fcd-4702-b7c9-d9ca565e3c62"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ionicabizau/parse-url/commit/9cacf38de02db0fb1358bd6ec04543e523cd6a8e"
}
],
"source": {
"advisory": "3587a567-7fcd-4702-b7c9-d9ca565e3c62",
"discovery": "EXTERNAL"
},
"title": "Misinterpretation of Input in ionicabizau/parse-url",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-3224",
"STATE": "PUBLIC",
"TITLE": "Misinterpretation of Input in ionicabizau/parse-url"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ionicabizau/parse-url",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "8.1.0"
}
]
}
}
]
},
"vendor_name": "ionicabizau"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Misinterpretation of Input in GitHub repository ionicabizau/parse-url prior to 8.1.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-115 Misinterpretation of Input"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/3587a567-7fcd-4702-b7c9-d9ca565e3c62",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/3587a567-7fcd-4702-b7c9-d9ca565e3c62"
},
{
"name": "https://github.com/ionicabizau/parse-url/commit/9cacf38de02db0fb1358bd6ec04543e523cd6a8e",
"refsource": "MISC",
"url": "https://github.com/ionicabizau/parse-url/commit/9cacf38de02db0fb1358bd6ec04543e523cd6a8e"
}
]
},
"source": {
"advisory": "3587a567-7fcd-4702-b7c9-d9ca565e3c62",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-3224",
"datePublished": "2022-09-15T11:30:12.000Z",
"dateReserved": "2022-09-15T00:00:00.000Z",
"dateUpdated": "2024-08-03T01:00:10.594Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2900 (GCVE-0-2022-2900)
Vulnerability from cvelistv5 – Published: 2022-09-14 08:30 – Updated: 2024-08-03 00:52
VLAI
Title
Server-Side Request Forgery (SSRF) in ionicabizau/parse-url
Summary
Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 8.1.0.
Severity
9.1 (Critical)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/1b4c972a-abc8-41eb-a2e… | x_refsource_CONFIRM |
| https://github.com/ionicabizau/parse-url/commit/b… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ionicabizau | ionicabizau/parse-url |
Affected:
unspecified , < 8.1.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:52:59.599Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/1b4c972a-abc8-41eb-a2e1-696db746b5fd"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ionicabizau/parse-url/commit/b88c81df8f4c5168af454eaa4f92afa9349e4e13"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ionicabizau/parse-url",
"vendor": "ionicabizau",
"versions": [
{
"lessThan": "8.1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 8.1.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-14T09:10:08.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/1b4c972a-abc8-41eb-a2e1-696db746b5fd"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ionicabizau/parse-url/commit/b88c81df8f4c5168af454eaa4f92afa9349e4e13"
}
],
"source": {
"advisory": "1b4c972a-abc8-41eb-a2e1-696db746b5fd",
"discovery": "EXTERNAL"
},
"title": "Server-Side Request Forgery (SSRF) in ionicabizau/parse-url",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2900",
"STATE": "PUBLIC",
"TITLE": "Server-Side Request Forgery (SSRF) in ionicabizau/parse-url"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ionicabizau/parse-url",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "8.1.0"
}
]
}
}
]
},
"vendor_name": "ionicabizau"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 8.1.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918 Server-Side Request Forgery (SSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/1b4c972a-abc8-41eb-a2e1-696db746b5fd",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/1b4c972a-abc8-41eb-a2e1-696db746b5fd"
},
{
"name": "https://github.com/ionicabizau/parse-url/commit/b88c81df8f4c5168af454eaa4f92afa9349e4e13",
"refsource": "MISC",
"url": "https://github.com/ionicabizau/parse-url/commit/b88c81df8f4c5168af454eaa4f92afa9349e4e13"
}
]
},
"source": {
"advisory": "1b4c972a-abc8-41eb-a2e1-696db746b5fd",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2900",
"datePublished": "2022-09-14T08:30:13.000Z",
"dateReserved": "2022-08-19T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:52:59.599Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2216 (GCVE-0-2022-2216)
Vulnerability from cvelistv5 – Published: 2022-06-27 12:10 – Updated: 2024-08-03 00:32
VLAI
Title
Server-Side Request Forgery (SSRF) in ionicabizau/parse-url
Summary
Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 7.0.0.
Severity
9.4 (Critical)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/ionicabizau/parse-url/commit/2… | x_refsource_MISC |
| https://huntr.dev/bounties/505a3d39-2723-4a06-b1f… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ionicabizau | ionicabizau/parse-url |
Affected:
unspecified , < 7.0.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:32:08.627Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ionicabizau/parse-url/commit/21c72ab9412228eea753e2abc48f8962707b1fe3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/505a3d39-2723-4a06-b1f7-9b2d133c92e1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ionicabizau/parse-url",
"vendor": "ionicabizau",
"versions": [
{
"lessThan": "7.0.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 7.0.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-27T12:10:17.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ionicabizau/parse-url/commit/21c72ab9412228eea753e2abc48f8962707b1fe3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/505a3d39-2723-4a06-b1f7-9b2d133c92e1"
}
],
"source": {
"advisory": "505a3d39-2723-4a06-b1f7-9b2d133c92e1",
"discovery": "EXTERNAL"
},
"title": "Server-Side Request Forgery (SSRF) in ionicabizau/parse-url",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2216",
"STATE": "PUBLIC",
"TITLE": "Server-Side Request Forgery (SSRF) in ionicabizau/parse-url"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ionicabizau/parse-url",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "7.0.0"
}
]
}
}
]
},
"vendor_name": "ionicabizau"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 7.0.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918 Server-Side Request Forgery (SSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ionicabizau/parse-url/commit/21c72ab9412228eea753e2abc48f8962707b1fe3",
"refsource": "MISC",
"url": "https://github.com/ionicabizau/parse-url/commit/21c72ab9412228eea753e2abc48f8962707b1fe3"
},
{
"name": "https://huntr.dev/bounties/505a3d39-2723-4a06-b1f7-9b2d133c92e1",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/505a3d39-2723-4a06-b1f7-9b2d133c92e1"
}
]
},
"source": {
"advisory": "505a3d39-2723-4a06-b1f7-9b2d133c92e1",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2216",
"datePublished": "2022-06-27T12:10:18.000Z",
"dateReserved": "2022-06-27T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:32:08.627Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2218 (GCVE-0-2022-2218)
Vulnerability from cvelistv5 – Published: 2022-06-27 12:10 – Updated: 2024-08-03 00:32
VLAI
Title
Cross-site Scripting (XSS) - Stored in ionicabizau/parse-url
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository ionicabizau/parse-url prior to 7.0.0.
Severity
9.1 (Critical)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/ionicabizau/parse-url/commit/2… | x_refsource_MISC |
| https://huntr.dev/bounties/024912d3-f103-4daf-a1d… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ionicabizau | ionicabizau/parse-url |
Affected:
unspecified , < 7.0.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:32:09.411Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ionicabizau/parse-url/commit/21c72ab9412228eea753e2abc48f8962707b1fe3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/024912d3-f103-4daf-a1d0-567f4d9f2bf5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ionicabizau/parse-url",
"vendor": "ionicabizau",
"versions": [
{
"lessThan": "7.0.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository ionicabizau/parse-url prior to 7.0.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-27T12:10:09.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ionicabizau/parse-url/commit/21c72ab9412228eea753e2abc48f8962707b1fe3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/024912d3-f103-4daf-a1d0-567f4d9f2bf5"
}
],
"source": {
"advisory": "024912d3-f103-4daf-a1d0-567f4d9f2bf5",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in ionicabizau/parse-url",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2218",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in ionicabizau/parse-url"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ionicabizau/parse-url",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "7.0.0"
}
]
}
}
]
},
"vendor_name": "ionicabizau"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository ionicabizau/parse-url prior to 7.0.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ionicabizau/parse-url/commit/21c72ab9412228eea753e2abc48f8962707b1fe3",
"refsource": "MISC",
"url": "https://github.com/ionicabizau/parse-url/commit/21c72ab9412228eea753e2abc48f8962707b1fe3"
},
{
"name": "https://huntr.dev/bounties/024912d3-f103-4daf-a1d0-567f4d9f2bf5",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/024912d3-f103-4daf-a1d0-567f4d9f2bf5"
}
]
},
"source": {
"advisory": "024912d3-f103-4daf-a1d0-567f4d9f2bf5",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2218",
"datePublished": "2022-06-27T12:10:09.000Z",
"dateReserved": "2022-06-27T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:32:09.411Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0722 (GCVE-0-2022-0722)
Vulnerability from cvelistv5 – Published: 2022-06-27 10:50 – Updated: 2024-08-02 23:40
VLAI
Title
Exposure of Sensitive Information to an Unauthorized Actor in ionicabizau/parse-url
Summary
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url prior to 7.0.0.
Severity
4.8 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/ionicabizau/parse-url/commit/2… | x_refsource_MISC |
| https://huntr.dev/bounties/2490ef6d-5577-4714-a4d… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ionicabizau | ionicabizau/parse-url |
Affected:
unspecified , < 7.0.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:40:03.445Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ionicabizau/parse-url/commit/21c72ab9412228eea753e2abc48f8962707b1fe3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/2490ef6d-5577-4714-a4dd-9608251b4226"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ionicabizau/parse-url",
"vendor": "ionicabizau",
"versions": [
{
"lessThan": "7.0.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url prior to 7.0.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-27T10:50:10.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ionicabizau/parse-url/commit/21c72ab9412228eea753e2abc48f8962707b1fe3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/2490ef6d-5577-4714-a4dd-9608251b4226"
}
],
"source": {
"advisory": "2490ef6d-5577-4714-a4dd-9608251b4226",
"discovery": "EXTERNAL"
},
"title": "Exposure of Sensitive Information to an Unauthorized Actor in ionicabizau/parse-url",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0722",
"STATE": "PUBLIC",
"TITLE": "Exposure of Sensitive Information to an Unauthorized Actor in ionicabizau/parse-url"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ionicabizau/parse-url",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "7.0.0"
}
]
}
}
]
},
"vendor_name": "ionicabizau"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url prior to 7.0.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ionicabizau/parse-url/commit/21c72ab9412228eea753e2abc48f8962707b1fe3",
"refsource": "MISC",
"url": "https://github.com/ionicabizau/parse-url/commit/21c72ab9412228eea753e2abc48f8962707b1fe3"
},
{
"name": "https://huntr.dev/bounties/2490ef6d-5577-4714-a4dd-9608251b4226",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/2490ef6d-5577-4714-a4dd-9608251b4226"
}
]
},
"source": {
"advisory": "2490ef6d-5577-4714-a4dd-9608251b4226",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0722",
"datePublished": "2022-06-27T10:50:10.000Z",
"dateReserved": "2022-02-22T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:40:03.445Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2217 (GCVE-0-2022-2217)
Vulnerability from cvelistv5 – Published: 2022-06-27 10:15 – Updated: 2024-08-03 00:32
VLAI
Title
Cross-site Scripting (XSS) - Generic in ionicabizau/parse-url
Summary
Cross-site Scripting (XSS) - Generic in GitHub repository ionicabizau/parse-url prior to 7.0.0.
Severity
9.1 (Critical)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/4e046c63-b1ca-4bcc-b41… | x_refsource_CONFIRM |
| https://github.com/ionicabizau/parse-url/commit/2… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ionicabizau | ionicabizau/parse-url |
Affected:
unspecified , < 7.0.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:32:08.663Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/4e046c63-b1ca-4bcc-b418-29796918a71b"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ionicabizau/parse-url/commit/21c72ab9412228eea753e2abc48f8962707b1fe3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ionicabizau/parse-url",
"vendor": "ionicabizau",
"versions": [
{
"lessThan": "7.0.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Generic in GitHub repository ionicabizau/parse-url prior to 7.0.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-27T10:15:23.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/4e046c63-b1ca-4bcc-b418-29796918a71b"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ionicabizau/parse-url/commit/21c72ab9412228eea753e2abc48f8962707b1fe3"
}
],
"source": {
"advisory": "4e046c63-b1ca-4bcc-b418-29796918a71b",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Generic in ionicabizau/parse-url",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2217",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Generic in ionicabizau/parse-url"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ionicabizau/parse-url",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "7.0.0"
}
]
}
}
]
},
"vendor_name": "ionicabizau"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Generic in GitHub repository ionicabizau/parse-url prior to 7.0.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/4e046c63-b1ca-4bcc-b418-29796918a71b",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/4e046c63-b1ca-4bcc-b418-29796918a71b"
},
{
"name": "https://github.com/ionicabizau/parse-url/commit/21c72ab9412228eea753e2abc48f8962707b1fe3",
"refsource": "MISC",
"url": "https://github.com/ionicabizau/parse-url/commit/21c72ab9412228eea753e2abc48f8962707b1fe3"
}
]
},
"source": {
"advisory": "4e046c63-b1ca-4bcc-b418-29796918a71b",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2217",
"datePublished": "2022-06-27T10:15:24.000Z",
"dateReserved": "2022-06-27T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:32:08.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3224 (GCVE-0-2022-3224)
Vulnerability from nvd – Published: 2022-09-15 11:30 – Updated: 2024-08-03 01:00
VLAI
Title
Misinterpretation of Input in ionicabizau/parse-url
Summary
Misinterpretation of Input in GitHub repository ionicabizau/parse-url prior to 8.1.0.
Severity
9.4 (Critical)
CWE
- CWE-115 - Misinterpretation of Input
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/3587a567-7fcd-4702-b7c… | x_refsource_CONFIRM |
| https://github.com/ionicabizau/parse-url/commit/9… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ionicabizau | ionicabizau/parse-url |
Affected:
unspecified , < 8.1.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:00:10.594Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/3587a567-7fcd-4702-b7c9-d9ca565e3c62"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ionicabizau/parse-url/commit/9cacf38de02db0fb1358bd6ec04543e523cd6a8e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ionicabizau/parse-url",
"vendor": "ionicabizau",
"versions": [
{
"lessThan": "8.1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Misinterpretation of Input in GitHub repository ionicabizau/parse-url prior to 8.1.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-115",
"description": "CWE-115 Misinterpretation of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-15T11:30:12.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/3587a567-7fcd-4702-b7c9-d9ca565e3c62"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ionicabizau/parse-url/commit/9cacf38de02db0fb1358bd6ec04543e523cd6a8e"
}
],
"source": {
"advisory": "3587a567-7fcd-4702-b7c9-d9ca565e3c62",
"discovery": "EXTERNAL"
},
"title": "Misinterpretation of Input in ionicabizau/parse-url",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-3224",
"STATE": "PUBLIC",
"TITLE": "Misinterpretation of Input in ionicabizau/parse-url"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ionicabizau/parse-url",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "8.1.0"
}
]
}
}
]
},
"vendor_name": "ionicabizau"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Misinterpretation of Input in GitHub repository ionicabizau/parse-url prior to 8.1.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-115 Misinterpretation of Input"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/3587a567-7fcd-4702-b7c9-d9ca565e3c62",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/3587a567-7fcd-4702-b7c9-d9ca565e3c62"
},
{
"name": "https://github.com/ionicabizau/parse-url/commit/9cacf38de02db0fb1358bd6ec04543e523cd6a8e",
"refsource": "MISC",
"url": "https://github.com/ionicabizau/parse-url/commit/9cacf38de02db0fb1358bd6ec04543e523cd6a8e"
}
]
},
"source": {
"advisory": "3587a567-7fcd-4702-b7c9-d9ca565e3c62",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-3224",
"datePublished": "2022-09-15T11:30:12.000Z",
"dateReserved": "2022-09-15T00:00:00.000Z",
"dateUpdated": "2024-08-03T01:00:10.594Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2900 (GCVE-0-2022-2900)
Vulnerability from nvd – Published: 2022-09-14 08:30 – Updated: 2024-08-03 00:52
VLAI
Title
Server-Side Request Forgery (SSRF) in ionicabizau/parse-url
Summary
Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 8.1.0.
Severity
9.1 (Critical)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/1b4c972a-abc8-41eb-a2e… | x_refsource_CONFIRM |
| https://github.com/ionicabizau/parse-url/commit/b… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ionicabizau | ionicabizau/parse-url |
Affected:
unspecified , < 8.1.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:52:59.599Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/1b4c972a-abc8-41eb-a2e1-696db746b5fd"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ionicabizau/parse-url/commit/b88c81df8f4c5168af454eaa4f92afa9349e4e13"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ionicabizau/parse-url",
"vendor": "ionicabizau",
"versions": [
{
"lessThan": "8.1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 8.1.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-14T09:10:08.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/1b4c972a-abc8-41eb-a2e1-696db746b5fd"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ionicabizau/parse-url/commit/b88c81df8f4c5168af454eaa4f92afa9349e4e13"
}
],
"source": {
"advisory": "1b4c972a-abc8-41eb-a2e1-696db746b5fd",
"discovery": "EXTERNAL"
},
"title": "Server-Side Request Forgery (SSRF) in ionicabizau/parse-url",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2900",
"STATE": "PUBLIC",
"TITLE": "Server-Side Request Forgery (SSRF) in ionicabizau/parse-url"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ionicabizau/parse-url",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "8.1.0"
}
]
}
}
]
},
"vendor_name": "ionicabizau"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 8.1.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918 Server-Side Request Forgery (SSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/1b4c972a-abc8-41eb-a2e1-696db746b5fd",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/1b4c972a-abc8-41eb-a2e1-696db746b5fd"
},
{
"name": "https://github.com/ionicabizau/parse-url/commit/b88c81df8f4c5168af454eaa4f92afa9349e4e13",
"refsource": "MISC",
"url": "https://github.com/ionicabizau/parse-url/commit/b88c81df8f4c5168af454eaa4f92afa9349e4e13"
}
]
},
"source": {
"advisory": "1b4c972a-abc8-41eb-a2e1-696db746b5fd",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2900",
"datePublished": "2022-09-14T08:30:13.000Z",
"dateReserved": "2022-08-19T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:52:59.599Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2216 (GCVE-0-2022-2216)
Vulnerability from nvd – Published: 2022-06-27 12:10 – Updated: 2024-08-03 00:32
VLAI
Title
Server-Side Request Forgery (SSRF) in ionicabizau/parse-url
Summary
Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 7.0.0.
Severity
9.4 (Critical)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/ionicabizau/parse-url/commit/2… | x_refsource_MISC |
| https://huntr.dev/bounties/505a3d39-2723-4a06-b1f… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ionicabizau | ionicabizau/parse-url |
Affected:
unspecified , < 7.0.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:32:08.627Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ionicabizau/parse-url/commit/21c72ab9412228eea753e2abc48f8962707b1fe3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/505a3d39-2723-4a06-b1f7-9b2d133c92e1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ionicabizau/parse-url",
"vendor": "ionicabizau",
"versions": [
{
"lessThan": "7.0.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 7.0.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-27T12:10:17.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ionicabizau/parse-url/commit/21c72ab9412228eea753e2abc48f8962707b1fe3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/505a3d39-2723-4a06-b1f7-9b2d133c92e1"
}
],
"source": {
"advisory": "505a3d39-2723-4a06-b1f7-9b2d133c92e1",
"discovery": "EXTERNAL"
},
"title": "Server-Side Request Forgery (SSRF) in ionicabizau/parse-url",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2216",
"STATE": "PUBLIC",
"TITLE": "Server-Side Request Forgery (SSRF) in ionicabizau/parse-url"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ionicabizau/parse-url",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "7.0.0"
}
]
}
}
]
},
"vendor_name": "ionicabizau"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 7.0.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918 Server-Side Request Forgery (SSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ionicabizau/parse-url/commit/21c72ab9412228eea753e2abc48f8962707b1fe3",
"refsource": "MISC",
"url": "https://github.com/ionicabizau/parse-url/commit/21c72ab9412228eea753e2abc48f8962707b1fe3"
},
{
"name": "https://huntr.dev/bounties/505a3d39-2723-4a06-b1f7-9b2d133c92e1",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/505a3d39-2723-4a06-b1f7-9b2d133c92e1"
}
]
},
"source": {
"advisory": "505a3d39-2723-4a06-b1f7-9b2d133c92e1",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2216",
"datePublished": "2022-06-27T12:10:18.000Z",
"dateReserved": "2022-06-27T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:32:08.627Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2218 (GCVE-0-2022-2218)
Vulnerability from nvd – Published: 2022-06-27 12:10 – Updated: 2024-08-03 00:32
VLAI
Title
Cross-site Scripting (XSS) - Stored in ionicabizau/parse-url
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository ionicabizau/parse-url prior to 7.0.0.
Severity
9.1 (Critical)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/ionicabizau/parse-url/commit/2… | x_refsource_MISC |
| https://huntr.dev/bounties/024912d3-f103-4daf-a1d… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ionicabizau | ionicabizau/parse-url |
Affected:
unspecified , < 7.0.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:32:09.411Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ionicabizau/parse-url/commit/21c72ab9412228eea753e2abc48f8962707b1fe3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/024912d3-f103-4daf-a1d0-567f4d9f2bf5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ionicabizau/parse-url",
"vendor": "ionicabizau",
"versions": [
{
"lessThan": "7.0.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository ionicabizau/parse-url prior to 7.0.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-27T12:10:09.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ionicabizau/parse-url/commit/21c72ab9412228eea753e2abc48f8962707b1fe3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/024912d3-f103-4daf-a1d0-567f4d9f2bf5"
}
],
"source": {
"advisory": "024912d3-f103-4daf-a1d0-567f4d9f2bf5",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in ionicabizau/parse-url",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2218",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in ionicabizau/parse-url"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ionicabizau/parse-url",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "7.0.0"
}
]
}
}
]
},
"vendor_name": "ionicabizau"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository ionicabizau/parse-url prior to 7.0.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ionicabizau/parse-url/commit/21c72ab9412228eea753e2abc48f8962707b1fe3",
"refsource": "MISC",
"url": "https://github.com/ionicabizau/parse-url/commit/21c72ab9412228eea753e2abc48f8962707b1fe3"
},
{
"name": "https://huntr.dev/bounties/024912d3-f103-4daf-a1d0-567f4d9f2bf5",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/024912d3-f103-4daf-a1d0-567f4d9f2bf5"
}
]
},
"source": {
"advisory": "024912d3-f103-4daf-a1d0-567f4d9f2bf5",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2218",
"datePublished": "2022-06-27T12:10:09.000Z",
"dateReserved": "2022-06-27T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:32:09.411Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0722 (GCVE-0-2022-0722)
Vulnerability from nvd – Published: 2022-06-27 10:50 – Updated: 2024-08-02 23:40
VLAI
Title
Exposure of Sensitive Information to an Unauthorized Actor in ionicabizau/parse-url
Summary
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url prior to 7.0.0.
Severity
4.8 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/ionicabizau/parse-url/commit/2… | x_refsource_MISC |
| https://huntr.dev/bounties/2490ef6d-5577-4714-a4d… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ionicabizau | ionicabizau/parse-url |
Affected:
unspecified , < 7.0.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:40:03.445Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ionicabizau/parse-url/commit/21c72ab9412228eea753e2abc48f8962707b1fe3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/2490ef6d-5577-4714-a4dd-9608251b4226"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ionicabizau/parse-url",
"vendor": "ionicabizau",
"versions": [
{
"lessThan": "7.0.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url prior to 7.0.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-27T10:50:10.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ionicabizau/parse-url/commit/21c72ab9412228eea753e2abc48f8962707b1fe3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/2490ef6d-5577-4714-a4dd-9608251b4226"
}
],
"source": {
"advisory": "2490ef6d-5577-4714-a4dd-9608251b4226",
"discovery": "EXTERNAL"
},
"title": "Exposure of Sensitive Information to an Unauthorized Actor in ionicabizau/parse-url",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0722",
"STATE": "PUBLIC",
"TITLE": "Exposure of Sensitive Information to an Unauthorized Actor in ionicabizau/parse-url"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ionicabizau/parse-url",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "7.0.0"
}
]
}
}
]
},
"vendor_name": "ionicabizau"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url prior to 7.0.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ionicabizau/parse-url/commit/21c72ab9412228eea753e2abc48f8962707b1fe3",
"refsource": "MISC",
"url": "https://github.com/ionicabizau/parse-url/commit/21c72ab9412228eea753e2abc48f8962707b1fe3"
},
{
"name": "https://huntr.dev/bounties/2490ef6d-5577-4714-a4dd-9608251b4226",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/2490ef6d-5577-4714-a4dd-9608251b4226"
}
]
},
"source": {
"advisory": "2490ef6d-5577-4714-a4dd-9608251b4226",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0722",
"datePublished": "2022-06-27T10:50:10.000Z",
"dateReserved": "2022-02-22T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:40:03.445Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2217 (GCVE-0-2022-2217)
Vulnerability from nvd – Published: 2022-06-27 10:15 – Updated: 2024-08-03 00:32
VLAI
Title
Cross-site Scripting (XSS) - Generic in ionicabizau/parse-url
Summary
Cross-site Scripting (XSS) - Generic in GitHub repository ionicabizau/parse-url prior to 7.0.0.
Severity
9.1 (Critical)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/4e046c63-b1ca-4bcc-b41… | x_refsource_CONFIRM |
| https://github.com/ionicabizau/parse-url/commit/2… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ionicabizau | ionicabizau/parse-url |
Affected:
unspecified , < 7.0.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:32:08.663Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/4e046c63-b1ca-4bcc-b418-29796918a71b"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ionicabizau/parse-url/commit/21c72ab9412228eea753e2abc48f8962707b1fe3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ionicabizau/parse-url",
"vendor": "ionicabizau",
"versions": [
{
"lessThan": "7.0.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Generic in GitHub repository ionicabizau/parse-url prior to 7.0.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-27T10:15:23.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/4e046c63-b1ca-4bcc-b418-29796918a71b"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ionicabizau/parse-url/commit/21c72ab9412228eea753e2abc48f8962707b1fe3"
}
],
"source": {
"advisory": "4e046c63-b1ca-4bcc-b418-29796918a71b",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Generic in ionicabizau/parse-url",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-2217",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Generic in ionicabizau/parse-url"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ionicabizau/parse-url",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "7.0.0"
}
]
}
}
]
},
"vendor_name": "ionicabizau"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Generic in GitHub repository ionicabizau/parse-url prior to 7.0.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/4e046c63-b1ca-4bcc-b418-29796918a71b",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/4e046c63-b1ca-4bcc-b418-29796918a71b"
},
{
"name": "https://github.com/ionicabizau/parse-url/commit/21c72ab9412228eea753e2abc48f8962707b1fe3",
"refsource": "MISC",
"url": "https://github.com/ionicabizau/parse-url/commit/21c72ab9412228eea753e2abc48f8962707b1fe3"
}
]
},
"source": {
"advisory": "4e046c63-b1ca-4bcc-b418-29796918a71b",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2217",
"datePublished": "2022-06-27T10:15:24.000Z",
"dateReserved": "2022-06-27T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:32:08.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}