Candidate: CVE-2020-8124
PublicDate: 2020-02-04 20:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8124
 https://github.com/unshiftio/url-parse/commit/3ecd256f127c3ada36a84d9b8dd3ebd14316274b
 https://hackerone.com/reports/496293
Description:
 Insufficient validation and sanitization of user input in url-parse npm
 package version 1.4.4 and earlier may allow an attacker to bypass security
 checks.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N [5.3 MEDIUM]

Patches_node-url-parse:
upstream_node-url-parse: released (1.4.7-1)
precise/esm_node-url-parse: DNE
trusty_node-url-parse: ignored (out of standard support)
trusty/esm_node-url-parse: DNE
xenial_node-url-parse: ignored (end of standard support, was needs-triage)
bionic_node-url-parse: needs-triage
eoan_node-url-parse: not-affected (1.4.7-3)
focal_node-url-parse: not-affected
groovy_node-url-parse: not-affected
hirsute_node-url-parse: not-affected
impish_node-url-parse: not-affected
jammy_node-url-parse: not-affected
devel_node-url-parse: not-affected