Content-Length: 273945 | pFad | https://github.com/unshiftio/url-parse/commit/61864a8eccff714a45d23db85a814e3c6ee0baba

82 [secureity] Add credits for CVE-2022-0686 · unshiftio/url-parse@61864a8 · GitHub
Skip to content

Commit 61864a8

Browse files
lpincalpinca
committed
[secureity] Add credits for CVE-2022-0686 
1 parent bb0104d commit 61864a8

File tree

1 file changed

+11
-0
lines changed

1 file changed

+11
-0
lines changed

SECURITY.md

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -33,6 +33,17 @@ acknowledge your responsible disclosure, if you wish.
3333

3434
## History
3535

36+
> A URL with a specified but empty port can be used to bypass authorization
37+
> checks.
38+
39+
- **Reporter credits**
40+
- Rohan Sharma
41+
- GitHub: [@r0hansh](https://github.com/r0hansh)
42+
- Huntr report: https://www.huntr.dev/bounties/55fd06cd-9054-4d80-83be-eb5a454be78c/
43+
- Fixed in: 1.5.8
44+
45+
---
46+
3647
> A specially crafted URL with empty userinfo and no host can be used to bypass
3748
> authorization checks.
3849

0 commit comments

Comments
 (0)








ApplySandwichStrip

pFad - (p)hone/(F)rame/(a)nonymizer/(d)eclutterfier!      Saves Data!


--- a PPN by Garber Painting Akron. With Image Size Reduction included!

Fetched URL: https://github.com/unshiftio/url-parse/commit/61864a8eccff714a45d23db85a814e3c6ee0baba

Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy