Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-0686: Authorization Bypass Through User-Controlled Key in url-parse

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8.

CVE
Open in Source
#vulnerability#nodejs#ssrf#auth

Description

url-parse is unable to find the correct hostname when no port number is provided in the url.

Payload: http://example.com:

Proof of Concept

var Url = require('url-parse');
var PAYLOAD = "http://example.com:";

// Expected hostname: example.com
// Actual hostname by url-parse: example.com:
console.log(Url(PAYLOAD));

OUTPUT:

{
  slashes: true,
  protocol: 'http:',
  hash: '',
  query: '',
  pathname: '/',
  auth: '',
  host: 'example.com:',
  port: '',
  hostname: 'example.com:',
  password: '',
  username: '',
  origin: 'http://example.com:',
  href: 'http://example.com:/'
}

Impact

It can lead to SSRF, Open Redirect or any other vulnerability which depends on the hostname field of parsed url.

Occurrences

Related news

CVE-2023-28069: DSA-2022-258: Dell Streaming Data Platform Security Update for Multiple Third-Party Component Vulnerabilities

Dell Streaming Data Platform prior to 1.4 contains Open Redirect vulnerability. An attacker with privileges same as a legitimate user can phish the legitimate the user to redirect to malicious website leading to information disclosure and launch of phishing attacks.

Red Hat Security Advisory 2022-6429-01

Red Hat Security Advisory 2022-6429-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include bypass, code execution, and denial of service vulnerabilities.

RHSA-2022:6429: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.4 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.7.4 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-28500: nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions * CVE-2021-23337: nodejs-lodash: command injection via template * CVE-2022-0512: nodejs-url-parse: authorization bypass through user-controlled key * CVE-2022-0639: npm-url-parse: Authorization Bypass Through User-Controlled Key * CVE-2022-0686: npm-url-parse: Authorization bypass thr...

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE