Vulnerabilities
Projects
Vulnerability Disclosure
About Us
Contact Us
Mend.io Vulnerability Database
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
We found results for “”
CVE-2021-3664
Good to know:
Date: July 25, 2021
url-parse is vulnerable to URL Redirection to Untrusted Site
Language: JS
Severity Score
Related Resources (8)
Severity Score
Weakness Type (CWE)
URL Redirection to Untrusted Site ('Open Redirect')
CWE-601Top Fix
Upgrade Version
Upgrade to version bizprove/canvas - v1.0;efecanaltay/hello-world - no_fix;meesy/shopavel - dev-dependabot/npm_and_yarn/axios-0.21.2;meesy/shopavel - dev-dependabot/npm_and_yarn/ansi-regex-5.0.1;meesy/shopavel - dev-add-code-of-conduct-1;meesy/shopavel - dev-dependabot/composer/laravel/framework-8.40.0;meesy/shopavel - dev-dependabot/npm_and_yarn/dns-packet-1.3.4;meesy/shopavel - dev-master;meesy/shopavel - dev-dependabot/npm_and_yarn/color-string-1.6.0;Fable.Sutil.Templates - 2.0.2;chrisbraybrooke/laravel-ecommerce - dev-form-field-key;chrisbraybrooke/laravel-ecommerce - 0.0.56;chrisbraybrooke/laravel-ecommerce - 0.0.2;chrisbraybrooke/laravel-ecommerce - 0.0.17;asuwebplatforms/webspark-module-webspark_isearch - dev-WS2-298;asuwebplatforms/webspark-module-webspark_isearch - dev-WS2-708;emolinablas/laravel-vue-crud - 1.0.1;saphyr-solutions/saphyr-web-generator - no_fix;saphyr-solutions/saphyr-web-generator - dev-ppe;saphyr-solutions/saphyr-web-generator - 1.0.x-dev;oburatongoi/productivity - no_fix;oburatongoi/productivity - 0.0.1;humanmade/workflows - 0.4.8-rc.1;humanmade/workflows - dev-master;VueJS.NetCore - 1.1.1;gheb/nn - dev-master;postboxcms/postbox - dev-dependabot/npm_and_yarn/ws-6.2.2;postboxcms/postbox - dev-sanketraut-patch-1;postboxcms/postbox - dev-dependabot/npm_and_yarn/url-parse-1.5.10;postboxcms/postbox - dev-package/dbo;postboxcms/postbox - dev-dependabot/npm_and_yarn/browserslist-4.16.6;postboxcms/postbox - dev-feature/ISSUE-39;kraenkvisuell/nova-cms-media - v1.2.2;kraenkvisuell/nova-cms-media - v1.0.3;kraenkvisuell/nova-cms-media - no_fix;Indianadavy.VueJsWebAPITemplate.CSharp - 1.0.1;miljoen/nova-autofill - v1.0.0;miljoen/nova-autofill - no_fix;ryguy2407/nwostarter - no_fix;ViewPacker - 1.1.5;aimensasi/inquiry-module - no_fix;trezebits/trezevel-gallery - no_fix;MIDIator.WebClient - 1.0.105;apothan/open-tour-website - dev-master;Fable.Template.Elmish.React - 0.1.6;flexxia/flexprimeng - dev-dependabot/npm_and_yarn/css/postcss/y18n-3.2.2;flexxia/flexprimeng - dev-dependabot/npm_and_yarn/css/postcss/ini-1.3.8;flexxia/flexprimeng - dev-dependabot/npm_and_yarn/css/postcss/browserslist-4.17.0;flexxia/flexprimeng - dev-dependabot/npm_and_yarn/css/postcss/path-parse-1.0.7;url-parse - 1.5.2;GR.PageRender.Razor - 1.8.0;zombie.js - no_fix;devsfort/fortblog - no_fix;Envisia.DotNet.Templates - 3.0.1;zymawy/ironside-core - dev-utils;duncanrmorris/clients - no_fix;basic-builder/easybuilder-bundle - v0.0.3;SAFE.Template - 3.0.1;horizon/description - no_fix;horizon/description - dev-dependabot/npm_and_yarn/axios-0.21.1;rotary/rotary_bs4 - no_fix;adesso-mobile/php-confluence-client - 0.1.0;PWPTemplateCMS - no_fix;pwptemplatepusintek - no_fix;mahlamusa/material-php - 1.0.0;novum/innovation-app-core - dev-temp-commit;archambaultalex/image-field - no_fix;mayronalves/laravel-core - dev-dependabot/composer/symfony/mime-4.4.1;org.webjars.npm:url-parse:1.5.3
CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | NONE |
| User Interaction (UI): | NONE |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | NONE |
| Integrity (I): | LOW |
| Availability (A): | NONE |
CVSS v2
| Base Score: |
|
|---|---|
| Access Vector (AV): | NETWORK |
| Access Complexity (AC): | LOW |
| Authentication (AU): | NONE |
| Confidentiality (C): | NONE |
| Integrity (I): | PARTIAL |
| Availability (A): | NONE |
| Additional information: |