View all vulnerabilities

CVE-2018-3774

Open Redirect in url-parse

Versions of `url-parse` before 1.4.3 returns the wrong hostname which could lead to Open Redirect, Server Side Request Forgery (SSRF), or Bypass Authentication Protocol vulnerabilities.## RecommendationUpdate to version 1.4.3 or later.

Patch Available

Fix available through Seal Security. No upgrade required, protect your application instantly.

Fix without upgrading
Vulnerability Details
Score
10
Score Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected Versions
url-parse < 1.4.3
Severity
Ecosystem
JavaScript
Publish Date
August 13, 2018
Modified Date
November 7, 2023