advisory-database icon indicating copy to clipboard operation
advisory-database copied to clipboard
verified publisher icon github

[GHSA-7f3x-x4pr-wqhj] Server-Side Request Forgery in parse-url

Open uh3tay opened this issue 1 year ago • 1 comments

Updates

  • Affected products

Comments Patched version is wrong. According to nvd.nist.gov and description of vuln "prior to 7.0.0"

uh3tay avatar Mar 05 '24 13:03 uh3tay

Hey @uh3tay, looking at the references perhaps the description should be updated instead. It seems like the fix commit https://github.com/ionicabizau/parse-url/commit/21c72ab9412228eea753e2abc48f8962707b1fe3 is tagged with 6.0.1. Thoughts?

darakian avatar Mar 05 '24 21:03 darakian

👋 This pull request has been marked as stale because it has been open with no activity. You can: comment on the issue or remove the stale label to hold stale off for a while, add the Keep label to hold stale off permanently, or do nothing. If you do nothing this pull request will be closed eventually by the stale bot. Please see CONTRIBUTING.md for more policy details.

taladrane avatar Mar 27 '24 00:03 taladrane

👋 This pull request has been marked as stale because it has been open with no activity. You can: comment on the issue or remove the stale label to hold stale off for a while, add the Keep label to hold stale off permanently, or do nothing. If you do nothing this pull request will be closed eventually by the stale bot. Please see CONTRIBUTING.md for more policy details.

taladrane avatar Apr 13 '24 00:04 taladrane