Description
Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks.
Remediation
References
https://hackerone.com/reports/496293
Related Vulnerabilities
CVE-2023-41900 Vulnerability in maven package org.eclipse.jetty:jetty-openid
CVE-2023-36470 Vulnerability in maven package org.xwiki.platform:xwiki-platform-icon-ui
CVE-2023-26487 Vulnerability in npm package vega-functions
CVE-2021-32859 Vulnerability in npm package baremetrics-calendar
CVE-2020-8175 Vulnerability in maven package org.webjars.npm:jpeg-js