Vulnerabilities > CVE-2018-3774 - Server-Side Request Forgery (SSRF) vulnerability in Url-Parse Project Url-Parse

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

url-parse-project

CWE-918

NVD

Published: 2018-08-12

Updated: 2019-10-09

Summary

Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol.

Vulnerable Configurations

Part	Description	Count
OS	Url-Parse_Project URL Parse Project URL Parse 0.0.4 URL Parse Project URL Parse 0.1 URL Parse Project URL Parse 0.1.0 URL Parse Project URL Parse 0.1.1 URL Parse Project URL Parse 0.1.2 URL Parse Project URL Parse 0.1.3 URL Parse Project URL Parse 0.1.4 URL Parse Project URL Parse 0.1.5 URL Parse Project URL Parse 0.2 URL Parse Project URL Parse 0.2.1 URL Parse Project URL Parse 0.2.2 URL Parse Project URL Parse 0.2.3 URL Parse Project URL Parse 1.0.0 URL Parse Project URL Parse 1.0.1 URL Parse Project URL Parse 1.0.2 URL Parse Project URL Parse 1.0.3 URL Parse Project URL Parse 1.0.4 URL Parse Project URL Parse 1.0.5 URL Parse Project URL Parse 1.1.0 URL Parse Project URL Parse 1.1.1 URL Parse Project URL Parse 1.1.2 URL Parse Project URL Parse 1.1.3 URL Parse Project URL Parse 1.1.4 URL Parse Project URL Parse 1.1.5 URL Parse Project URL Parse 1.1.6 URL Parse Project URL Parse 1.1.7 URL Parse Project URL Parse 1.1.8 URL Parse Project URL Parse 1.1.9 URL Parse Project URL Parse 1.2.0 URL Parse Project URL Parse 1.3.0	30

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References