Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
10 vulnerabilities found for unshiftio/url-parse by unshiftio
CVE-2022-0691 (GCVE-0-2022-0691)
Vulnerability from nvd – Published: 2022-02-21 00:00 – Updated: 2024-08-02 23:40
VLAI
Title
Authorization Bypass Through User-Controlled Key in unshiftio/url-parse
Summary
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.9.
Severity
6.5 (Medium)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| unshiftio | unshiftio/url-parse |
Affected:
unspecified , < 1.5.9
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:40:03.252Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/57124ed5-4b68-4934-8325-2c546257f2e4"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/unshiftio/url-parse/commit/0e3fb542d60ddbf6933f22eb9b1e06e25eaa5b63"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220325-0006/"
},
{
"name": "[debian-lts-announce] 20230223 [SECURITY] [DLA 3336-1] node-url-parse security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00030.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "unshiftio/url-parse",
"vendor": "unshiftio",
"versions": [
{
"lessThan": "1.5.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.9."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-23T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/57124ed5-4b68-4934-8325-2c546257f2e4"
},
{
"url": "https://github.com/unshiftio/url-parse/commit/0e3fb542d60ddbf6933f22eb9b1e06e25eaa5b63"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220325-0006/"
},
{
"name": "[debian-lts-announce] 20230223 [SECURITY] [DLA 3336-1] node-url-parse security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00030.html"
}
],
"source": {
"advisory": "57124ed5-4b68-4934-8325-2c546257f2e4",
"discovery": "EXTERNAL"
},
"title": "Authorization Bypass Through User-Controlled Key in unshiftio/url-parse"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0691",
"datePublished": "2022-02-21T00:00:00.000Z",
"dateReserved": "2022-02-20T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:40:03.252Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0686 (GCVE-0-2022-0686)
Vulnerability from nvd – Published: 2022-02-20 00:00 – Updated: 2024-08-02 23:40
VLAI
Title
Authorization Bypass Through User-Controlled Key in unshiftio/url-parse
Summary
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8.
Severity
6.5 (Medium)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| unshiftio | unshiftio/url-parse |
Affected:
unspecified , < 1.5.8
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:40:03.149Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/55fd06cd-9054-4d80-83be-eb5a454be78c"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/unshiftio/url-parse/commit/d5c64791ef496ca5459ae7f2176a31ea53b127e5"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220325-0006/"
},
{
"name": "[debian-lts-announce] 20230223 [SECURITY] [DLA 3336-1] node-url-parse security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00030.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "unshiftio/url-parse",
"vendor": "unshiftio",
"versions": [
{
"lessThan": "1.5.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-23T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/55fd06cd-9054-4d80-83be-eb5a454be78c"
},
{
"url": "https://github.com/unshiftio/url-parse/commit/d5c64791ef496ca5459ae7f2176a31ea53b127e5"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220325-0006/"
},
{
"name": "[debian-lts-announce] 20230223 [SECURITY] [DLA 3336-1] node-url-parse security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00030.html"
}
],
"source": {
"advisory": "55fd06cd-9054-4d80-83be-eb5a454be78c",
"discovery": "EXTERNAL"
},
"title": "Authorization Bypass Through User-Controlled Key in unshiftio/url-parse"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0686",
"datePublished": "2022-02-20T00:00:00.000Z",
"dateReserved": "2022-02-19T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:40:03.149Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0639 (GCVE-0-2022-0639)
Vulnerability from nvd – Published: 2022-02-17 00:00 – Updated: 2025-12-16 17:06
VLAI
Title
Authorization Bypass Through User-Controlled Key in unshiftio/url-parse
Summary
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7.
Severity
6.5 (Medium)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| unshiftio | unshiftio/url-parse |
Affected:
unspecified , < 1.5.7
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-12-16T17:06:51.608Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/83a6bc9a-b542-4a38-82cd-d995a1481155"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/unshiftio/url-parse/commit/ef45a1355375a8244063793a19059b4f62fc8788"
},
{
"name": "[debian-lts-announce] 20230223 [SECURITY] [DLA 3336-1] node-url-parse security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00030.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/12/msg00024.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "unshiftio/url-parse",
"vendor": "unshiftio",
"versions": [
{
"lessThan": "1.5.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-23T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/83a6bc9a-b542-4a38-82cd-d995a1481155"
},
{
"url": "https://github.com/unshiftio/url-parse/commit/ef45a1355375a8244063793a19059b4f62fc8788"
},
{
"name": "[debian-lts-announce] 20230223 [SECURITY] [DLA 3336-1] node-url-parse security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00030.html"
}
],
"source": {
"advisory": "83a6bc9a-b542-4a38-82cd-d995a1481155",
"discovery": "EXTERNAL"
},
"title": "Authorization Bypass Through User-Controlled Key in unshiftio/url-parse"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0639",
"datePublished": "2022-02-17T00:00:00.000Z",
"dateReserved": "2022-02-16T00:00:00.000Z",
"dateUpdated": "2025-12-16T17:06:51.608Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-0512 (GCVE-0-2022-0512)
Vulnerability from nvd – Published: 2022-02-14 00:00 – Updated: 2024-08-02 23:32
VLAI
Title
Authorization Bypass Through User-Controlled Key in unshiftio/url-parse
Summary
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6.
Severity
8.8 (High)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| unshiftio | unshiftio/url-parse |
Affected:
unspecified , < 1.5.6
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:45.908Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/6d1bc51f-1876-4f5b-a2c2-734e09e8e05b"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/unshiftio/url-parse/commit/9be7ee88afd2bb04e4d5a1a8da9a389ac13f8c40"
},
{
"name": "[debian-lts-announce] 20230223 [SECURITY] [DLA 3336-1] node-url-parse security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00030.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "unshiftio/url-parse",
"vendor": "unshiftio",
"versions": [
{
"lessThan": "1.5.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-23T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/6d1bc51f-1876-4f5b-a2c2-734e09e8e05b"
},
{
"url": "https://github.com/unshiftio/url-parse/commit/9be7ee88afd2bb04e4d5a1a8da9a389ac13f8c40"
},
{
"name": "[debian-lts-announce] 20230223 [SECURITY] [DLA 3336-1] node-url-parse security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00030.html"
}
],
"source": {
"advisory": "6d1bc51f-1876-4f5b-a2c2-734e09e8e05b",
"discovery": "EXTERNAL"
},
"title": "Authorization Bypass Through User-Controlled Key in unshiftio/url-parse"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0512",
"datePublished": "2022-02-14T00:00:00.000Z",
"dateReserved": "2022-02-07T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:32:45.908Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3664 (GCVE-0-2021-3664)
Vulnerability from nvd – Published: 2021-07-26 00:00 – Updated: 2024-08-03 17:01
VLAI
Title
Open Redirect in unshiftio/url-parse
Summary
url-parse is vulnerable to URL Redirection to Untrusted Site
Severity
5.3 (Medium)
CWE
- CWE-601 - URL Redirection to Untrusted Site
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| unshiftio | unshiftio/url-parse |
Affected:
unspecified , ≤ 1.5.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:01:07.943Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/1625557993985-unshiftio/url-parse"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/unshiftio/url-parse/commit/81ab967889b08112d3356e451bf03e6aa0cbb7e0"
},
{
"name": "[debian-lts-announce] 20230223 [SECURITY] [DLA 3336-1] node-url-parse security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00030.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "unshiftio/url-parse",
"vendor": "unshiftio",
"versions": [
{
"lessThanOrEqual": "1.5.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "url-parse is vulnerable to URL Redirection to Untrusted Site"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-23T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/1625557993985-unshiftio/url-parse"
},
{
"url": "https://github.com/unshiftio/url-parse/commit/81ab967889b08112d3356e451bf03e6aa0cbb7e0"
},
{
"name": "[debian-lts-announce] 20230223 [SECURITY] [DLA 3336-1] node-url-parse security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00030.html"
}
],
"source": {
"advisory": "1625557993985-unshiftio/url-parse",
"discovery": "EXTERNAL"
},
"title": "Open Redirect in unshiftio/url-parse"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2021-3664",
"datePublished": "2021-07-26T00:00:00.000Z",
"dateReserved": "2021-07-23T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:01:07.943Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0691 (GCVE-0-2022-0691)
Vulnerability from cvelistv5 – Published: 2022-02-21 00:00 – Updated: 2024-08-02 23:40
VLAI
Title
Authorization Bypass Through User-Controlled Key in unshiftio/url-parse
Summary
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.9.
Severity
6.5 (Medium)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| unshiftio | unshiftio/url-parse |
Affected:
unspecified , < 1.5.9
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:40:03.252Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/57124ed5-4b68-4934-8325-2c546257f2e4"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/unshiftio/url-parse/commit/0e3fb542d60ddbf6933f22eb9b1e06e25eaa5b63"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220325-0006/"
},
{
"name": "[debian-lts-announce] 20230223 [SECURITY] [DLA 3336-1] node-url-parse security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00030.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "unshiftio/url-parse",
"vendor": "unshiftio",
"versions": [
{
"lessThan": "1.5.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.9."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-23T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/57124ed5-4b68-4934-8325-2c546257f2e4"
},
{
"url": "https://github.com/unshiftio/url-parse/commit/0e3fb542d60ddbf6933f22eb9b1e06e25eaa5b63"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220325-0006/"
},
{
"name": "[debian-lts-announce] 20230223 [SECURITY] [DLA 3336-1] node-url-parse security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00030.html"
}
],
"source": {
"advisory": "57124ed5-4b68-4934-8325-2c546257f2e4",
"discovery": "EXTERNAL"
},
"title": "Authorization Bypass Through User-Controlled Key in unshiftio/url-parse"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0691",
"datePublished": "2022-02-21T00:00:00.000Z",
"dateReserved": "2022-02-20T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:40:03.252Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0686 (GCVE-0-2022-0686)
Vulnerability from cvelistv5 – Published: 2022-02-20 00:00 – Updated: 2024-08-02 23:40
VLAI
Title
Authorization Bypass Through User-Controlled Key in unshiftio/url-parse
Summary
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8.
Severity
6.5 (Medium)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| unshiftio | unshiftio/url-parse |
Affected:
unspecified , < 1.5.8
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:40:03.149Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/55fd06cd-9054-4d80-83be-eb5a454be78c"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/unshiftio/url-parse/commit/d5c64791ef496ca5459ae7f2176a31ea53b127e5"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220325-0006/"
},
{
"name": "[debian-lts-announce] 20230223 [SECURITY] [DLA 3336-1] node-url-parse security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00030.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "unshiftio/url-parse",
"vendor": "unshiftio",
"versions": [
{
"lessThan": "1.5.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-23T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/55fd06cd-9054-4d80-83be-eb5a454be78c"
},
{
"url": "https://github.com/unshiftio/url-parse/commit/d5c64791ef496ca5459ae7f2176a31ea53b127e5"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220325-0006/"
},
{
"name": "[debian-lts-announce] 20230223 [SECURITY] [DLA 3336-1] node-url-parse security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00030.html"
}
],
"source": {
"advisory": "55fd06cd-9054-4d80-83be-eb5a454be78c",
"discovery": "EXTERNAL"
},
"title": "Authorization Bypass Through User-Controlled Key in unshiftio/url-parse"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0686",
"datePublished": "2022-02-20T00:00:00.000Z",
"dateReserved": "2022-02-19T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:40:03.149Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0639 (GCVE-0-2022-0639)
Vulnerability from cvelistv5 – Published: 2022-02-17 00:00 – Updated: 2025-12-16 17:06
VLAI
Title
Authorization Bypass Through User-Controlled Key in unshiftio/url-parse
Summary
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7.
Severity
6.5 (Medium)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| unshiftio | unshiftio/url-parse |
Affected:
unspecified , < 1.5.7
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-12-16T17:06:51.608Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/83a6bc9a-b542-4a38-82cd-d995a1481155"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/unshiftio/url-parse/commit/ef45a1355375a8244063793a19059b4f62fc8788"
},
{
"name": "[debian-lts-announce] 20230223 [SECURITY] [DLA 3336-1] node-url-parse security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00030.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/12/msg00024.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "unshiftio/url-parse",
"vendor": "unshiftio",
"versions": [
{
"lessThan": "1.5.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-23T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/83a6bc9a-b542-4a38-82cd-d995a1481155"
},
{
"url": "https://github.com/unshiftio/url-parse/commit/ef45a1355375a8244063793a19059b4f62fc8788"
},
{
"name": "[debian-lts-announce] 20230223 [SECURITY] [DLA 3336-1] node-url-parse security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00030.html"
}
],
"source": {
"advisory": "83a6bc9a-b542-4a38-82cd-d995a1481155",
"discovery": "EXTERNAL"
},
"title": "Authorization Bypass Through User-Controlled Key in unshiftio/url-parse"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0639",
"datePublished": "2022-02-17T00:00:00.000Z",
"dateReserved": "2022-02-16T00:00:00.000Z",
"dateUpdated": "2025-12-16T17:06:51.608Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-0512 (GCVE-0-2022-0512)
Vulnerability from cvelistv5 – Published: 2022-02-14 00:00 – Updated: 2024-08-02 23:32
VLAI
Title
Authorization Bypass Through User-Controlled Key in unshiftio/url-parse
Summary
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6.
Severity
8.8 (High)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| unshiftio | unshiftio/url-parse |
Affected:
unspecified , < 1.5.6
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:45.908Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/6d1bc51f-1876-4f5b-a2c2-734e09e8e05b"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/unshiftio/url-parse/commit/9be7ee88afd2bb04e4d5a1a8da9a389ac13f8c40"
},
{
"name": "[debian-lts-announce] 20230223 [SECURITY] [DLA 3336-1] node-url-parse security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00030.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "unshiftio/url-parse",
"vendor": "unshiftio",
"versions": [
{
"lessThan": "1.5.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-23T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/6d1bc51f-1876-4f5b-a2c2-734e09e8e05b"
},
{
"url": "https://github.com/unshiftio/url-parse/commit/9be7ee88afd2bb04e4d5a1a8da9a389ac13f8c40"
},
{
"name": "[debian-lts-announce] 20230223 [SECURITY] [DLA 3336-1] node-url-parse security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00030.html"
}
],
"source": {
"advisory": "6d1bc51f-1876-4f5b-a2c2-734e09e8e05b",
"discovery": "EXTERNAL"
},
"title": "Authorization Bypass Through User-Controlled Key in unshiftio/url-parse"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0512",
"datePublished": "2022-02-14T00:00:00.000Z",
"dateReserved": "2022-02-07T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:32:45.908Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3664 (GCVE-0-2021-3664)
Vulnerability from cvelistv5 – Published: 2021-07-26 00:00 – Updated: 2024-08-03 17:01
VLAI
Title
Open Redirect in unshiftio/url-parse
Summary
url-parse is vulnerable to URL Redirection to Untrusted Site
Severity
5.3 (Medium)
CWE
- CWE-601 - URL Redirection to Untrusted Site
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| unshiftio | unshiftio/url-parse |
Affected:
unspecified , ≤ 1.5.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:01:07.943Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/1625557993985-unshiftio/url-parse"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/unshiftio/url-parse/commit/81ab967889b08112d3356e451bf03e6aa0cbb7e0"
},
{
"name": "[debian-lts-announce] 20230223 [SECURITY] [DLA 3336-1] node-url-parse security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00030.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "unshiftio/url-parse",
"vendor": "unshiftio",
"versions": [
{
"lessThanOrEqual": "1.5.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "url-parse is vulnerable to URL Redirection to Untrusted Site"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-23T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/1625557993985-unshiftio/url-parse"
},
{
"url": "https://github.com/unshiftio/url-parse/commit/81ab967889b08112d3356e451bf03e6aa0cbb7e0"
},
{
"name": "[debian-lts-announce] 20230223 [SECURITY] [DLA 3336-1] node-url-parse security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00030.html"
}
],
"source": {
"advisory": "1625557993985-unshiftio/url-parse",
"discovery": "EXTERNAL"
},
"title": "Open Redirect in unshiftio/url-parse"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2021-3664",
"datePublished": "2021-07-26T00:00:00.000Z",
"dateReserved": "2021-07-23T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:01:07.943Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}