CVE-2022-0686

CRITICAL9.1EPSS 0.10%

Authorization Bypass Through User-Controlled Key in url-parse

Published: 2/21/2022Modified: 4/28/2026

Description

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8.

Affected packages (2)

CVSS scores

SourceVersionSeverityVector
osvCVSS 3.1CRITICAL9.1CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

References (7)