CVE-2022-0686

CRITICAL9.1EPSS 0.10%

Authorization Bypass Through User-Controlled Key in url-parse

發布日:2022/2/21修改日:2023/11/8

也稱為:GHSA-hgjh-723h-mx2jDEBIAN-CVE-2022-0686

描述

url-parse prior to version 1.5.8 is vulnerable to Authorization Bypass Through User-Controlled Key.

受影響套件(2)

Debian/node-url-parsefrom 0, < 1.5.3-1+deb11u1
npm/url-parsefrom 0, < 1.5.8

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	CRITICAL9.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

參考連結(7)