PT-2020-19961 · Npm+2 · Url-Parse+2
Published
2020-02-04
·
Updated
2023-03-27
·
CVE-2020-8124
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
url-parse versions 1.4.4 and earlier
Description
The issue is related to insufficient validation and sanitization of user input in the url-parse npm package, which may allow an attacker to bypass security checks.
Recommendations
For versions 1.4.4 and earlier, update to a version later than 1.4.4 to resolve the issue.
Exploit
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Linuxmint
Ubuntu
Url-Parse