Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url #143

Open
1 of 4 tasks
TheKingTermux opened this issue Sep 28, 2022 · 4 comments
Open
1 of 4 tasks

Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url #143

TheKingTermux opened this issue Sep 28, 2022 · 4 comments
Labels
Auto Create Issues Label for Auto Created Issues Critical This label for Security Severity only do-not-autoclose Make bot can't close an Issues or PRs Security Label for Security Issues
Milestone
Alice 1.0.6

Comments

@TheKingTermux
Copy link
Owner

Description

Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 8.1.0.

Severity Check

  • Low
  • Moderate
  • High
  • Critical

Severity Number

9.1 / 10

CVSS base metrics

  • Attack vector
    Network

  • Attack complexity
    Low

  • Privileges required
    None

  • User interaction
    None

  • Scope
    Unchanged

  • Confidentiality
    High

  • Integrity
    High

  • Availability
    None

  • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

  • Weaknesses
    CWE-918

  • CVE ID
    CVE-2022-2900

  • GHSA ID
    GHSA-j9fq-vwqv-2fm2

Information

  • Package
    parse-url (npm)

  • Affected versions
    < 8.1.0

  • Patched versions
    8.1.0

References

https://nvd.nist.gov/vuln/detail/CVE-2022-2900

IonicaBizau/parse-url@b88c81d

https://huntr.dev/bounties/1b4c972a-abc8-41eb-a2e1-696db746b5fd
@TheKingTermux TheKingTermux added Security Label for Security Issues Auto Create Issues Label for Auto Created Issues labels Sep 28, 2022
@TheKingTermux TheKingTermux added this to the Alice 1.0.6 milestone Nov 21, 2022
@TheKingTermux TheKingTermux added the do-not-autoclose Make bot can't close an Issues or PRs label Jan 5, 2023
@github-actions
Copy link

github-actions bot commented Mar 6, 2023

Isu ini sudah tidak ada perkembangan

@github-actions github-actions bot added the no-issue-activity Label for Automatic Bot for Closing the Issues or PRs if not fixed anything in several days label Mar 6, 2023
@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Mar 14, 2023
@TheKingTermux TheKingTermux reopened this Mar 14, 2023
@TheKingTermux TheKingTermux removed the no-issue-activity Label for Automatic Bot for Closing the Issues or PRs if not fixed anything in several days label Mar 14, 2023
@TheKingTermux TheKingTermux added the Critical This label for Security Severity only label May 9, 2023
@github-actions
Copy link

github-actions bot commented Jul 9, 2023

Isu ini sudah tidak ada perkembangan

@github-actions github-actions bot added the no-issue-activity Label for Automatic Bot for Closing the Issues or PRs if not fixed anything in several days label Jul 9, 2023
@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Jul 17, 2023
@TheKingTermux TheKingTermux removed the no-issue-activity Label for Automatic Bot for Closing the Issues or PRs if not fixed anything in several days label Jul 17, 2023
@TheKingTermux TheKingTermux reopened this Jul 17, 2023
@github-actions
Copy link

Isu ini sudah tidak ada perkembangan

@github-actions github-actions bot added the no-issue-activity Label for Automatic Bot for Closing the Issues or PRs if not fixed anything in several days label Sep 16, 2023
@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Sep 23, 2023
@TheKingTermux TheKingTermux reopened this Sep 25, 2023
@github-actions github-actions bot removed the no-issue-activity Label for Automatic Bot for Closing the Issues or PRs if not fixed anything in several days label Sep 25, 2023
@github-actions GitHub Actions
Copy link

Isu ini sudah tidak ada perkembangan

@github-actions github-actions bot added the no-issue-activity Label for Automatic Bot for Closing the Issues or PRs if not fixed anything in several days label Nov 25, 2023
@TheKingTermux TheKingTermux removed the no-issue-activity Label for Automatic Bot for Closing the Issues or PRs if not fixed anything in several days label Nov 29, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Auto Create Issues Label for Auto Created Issues Critical This label for Security Severity only do-not-autoclose Make bot can't close an Issues or PRs Security Label for Security Issues
Projects
None yet
Milestone
Alice 1.0.6
Development

No branches or pull requests
1 participant
@TheKingTermux