[ubuntu/focal-security] node-url-parse 1.4.7-3ubuntu0.1 (Accepted)
Amir Naseredini
amir.naseredini at canonical.com
Mon Mar 27 15:01:23 UTC 2023
node-url-parse (1.4.7-3ubuntu0.1) focal-security; urgency=medium
* SECURITY UPDATE: Authorization Bypass
- debian/patches/CVE-2022-0512[1-7].patch: fixed improper input handeling
in node-url-parse for input containing the at sign.
- debian/patches/CVE-2022-0639[1-2].patch: fixed improper input handeling
in node-url-parse in toString function.
- debian/patches/CVE-2022-0686[1-7].patch: fixed improper input handeling
in node-url-parse when input contains specified but empty port.
- debian/patches/CVE-2022-0691[1-2].patch: fixed improper input handeling
in node-url-parse for input containing URL beginning with control
characters.
- CVE-2022-0512
- CVE-2022-0639
- CVE-2022-0686
- CVE-2022-0691
* SECURITY UPDATE: Open Redirect, SSRF, and DoS
- debian/patches/CVE-2021-27515.patch: fixed improper input handeling
in node-url-parse for input containing backslash.
- debian/patches/CVE-2021-3664[1-5].patch: fixed improper input handeling
in node-url-parse for input containing backslash.
- CVE-2021-27515
- CVE-2021-3664
Date: 2023-03-23 14:40:10.041378+00:00
Changed-By: Amir Naseredini <amir.naseredini at canonical.com>
https://launchpad.net/ubuntu/+source/node-url-parse/1.4.7-3ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Focal-changes
mailing list