Vulnerable Package issue exists @ Npm-url-parse-1.4.4 in branch main
url-parse before 1.5.0 fails to parse the URL correctly when a backslash is used in the protocol, e.g. http:\/. Browsers accept backslashes after the protocol and treat them as normal slashes, while url-parse before 1.5.0 sees the URL as a relative path. This might cause various vulnerabilities when a URL is validated with the affected versions.
Namespace: Svetlana-github
Repository: test
Repository Url: https://github.com/Svetlana-github/test
CxAST-Project: Svetlana-github/test
CxAST platform scan: 8821ba41-d324-41fa-8053-d13dfc156a43
Branch: main
Application: test
Severity: HIGH
State: NOT_IGNORED
Status: RECURRENT
CWE: CWE-20
Additional Info
Attack vector: NETWORK
Attack complexity: LOW
Confidentiality impact: NONE
Availability impact: NONE
Remediation Upgrade Recommendation: 1.5.9
References
Advisory
Commit
Pull request
Release Note
Advisory