url-parse : < 1.5.7 - Authorization Bypass Through User-Controlled Key in url-parse
Created by: armorcodegithubqa[bot]
url-parse prior to version 1.5.7 is vulnerable to Authorization Bypass Through User-Controlled Key. url-parse is not able to verify a broken protocol. This allows hostname validation to be bypassed.
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-0639
- https://github.com/unshiftio/url-parse/commit/ef45a1355375a8244063793a19059b4f62fc8788
- https://huntr.dev/bounties/83a6bc9a-b542-4a38-82cd-d995a1481155
- https://github.com/advisories/GHSA-8v38-pw62-9cw2
File Path: public/package-lock.json
Mitigation: Patched version: 1.5.7