CVE-2018-3774

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions url-parse versions prior to 1.4.3

Description The issue is related to incorrect parsing in url-parse, which returns the wrong hostname. This can lead to multiple vulnerabilities, including Server Side Request Forgery (SSRF), Open Redirect, and Bypass Authentication Protocol.

Recommendations Update to version 1.4.3 or later.

Fix

Open Redirect

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-601CWE-918CWE-425

Related Identifiers

CVE-2018-3774

GHSA-PV4C-P2J5-38J4

USN-5973-1

Affected Products

Linuxmint

Ubuntu

Url-Parse

CVE-2018-3774

Weakness Enumeration

Related Identifiers

Affected Products

References · 26