Vulnerabilities > CVE-2018-3774 - Server-Side Request Forgery (SSRF) vulnerability in Url-Parse Project Url-Parse

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
url-parse-project
CWE-918
critical
NVD
Published: 2018-08-12
Updated: 2024-11-21

Summary

Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol.

Vulnerable Configurations

Part Description Count
OS
Url-Parse_Project
30

Common Weakness Enumeration (CWE)

References