PT-2022-13388 · Parse-Url · Url-Parse

Published

2022-06-27

Updated

2022-07-06

CVE-2022-0722

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions parse-url versions prior to 7.0.0

Description The issue concerns exposure of sensitive information to an unauthorized actor. This occurs due to hostname confusion in the GitHub repository ionicabizau/parse-url.

Recommendations For versions prior to 7.0.0, update to version 7.0.0 or later to resolve the issue.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2022-0722

GHSA-4P35-CFCX-8653

Affected Products

Url-Parse

PT-2022-13388 · Parse-Url · Url-Parse

CVE-2022-0722

Weakness Enumeration

Related Identifiers

Affected Products

References · 8