UbuntuUpdates.org

Package "node-url-parse"

Name: node-url-parse

Description:

Parse URL in node using the URL module and in the browser using the DOM

Latest version: 1.4.7-3ubuntu0.1
Release: focal (20.04)
Level: updates
Repository: universe
Homepage: https://github.com/unshiftio/url-parse#readme

Other versions of "node-url-parse" in Focal

Repository  Area      Version
base        universe  1.4.7-3
security    universe  1.4.7-3ubuntu0.1

Changelog

Version: 1.4.7-3ubuntu0.1 2023-03-27 18:06:53 UTC

  node-url-parse (1.4.7-3ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: Authorization Bypass
    - debian/patches/CVE-2022-0512[1-7].patch: fixed improper input handling
      in node-url-parse for input containing the at sign.
    - debian/patches/CVE-2022-0639[1-2].patch: fixed improper input handling
      in node-url-parse in toString function.
    - debian/patches/CVE-2022-0686[1-7].patch: fixed improper input handling
      in node-url-parse when input contains specified but empty port.
    - debian/patches/CVE-2022-0691[1-2].patch: fixed improper input handling
      in node-url-parse for input containing URL beginning with control
      characters.
    - CVE-2022-0512
    - CVE-2022-0639
    - CVE-2022-0686
    - CVE-2022-0691
  * SECURITY UPDATE: Open Redirect, SSRF, and DoS
    - debian/patches/CVE-2021-27515.patch: fixed improper input handling
      in node-url-parse for input containing backslash.
    - debian/patches/CVE-2021-3664[1-5].patch: fixed improper input handling
      in node-url-parse for input containing backslash.
    - CVE-2021-27515
    - CVE-2021-3664

 -- Amir Naseredini <email address hidden> Thu, 23 Mar 2023 12:49:27 +0000

CVE-2022-0512 Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6.
CVE-2022-0639 Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7.
CVE-2022-0686 Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8.
CVE-2022-0691 Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.9.
CVE-2021-27515 url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path.
CVE-2021-3664 url-parse is vulnerable to URL Redirection to Untrusted Site


