CVE-2018-3774 Information

Description

Incorrect parsing in url-parse 1.4.3 returns wrong hostname, which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Reference

https://github.com/unshiftio/url-parse/commit/53b1794e54d0711ceb52505e0f74145270570d5a
https://github.com/unshiftio/url-parse/commit/d7b582ec1243e8024e60ac0b62d2569c939ef5de
https://hackerone.com/reports/384029

cpe:2.3:o:url-parse_project:url-parse::::::::

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

10.0

Base Severity

HIGH
