Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper Input Validation
Vulnerability Description
The package url-js before 2.1.0 are vulnerable to Improper Input Validation due to improper parsing, which makes it is possible for the hostname to be spoofed. http://\\\\\\\\localhost and http://localhost are the same URL. However, the hostname is not parsed as localhost, and the backslash is reflected as it is.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
N/A
Vulnerability Title
URL.js 输入验证错误漏洞
Vulnerability Description
URL.js是用于解析和格式化 URL。 URL.js 中存在安全漏洞,该漏洞由于解析不当,容易受到 Improper Input Validation 的影响,这使得主机名有可能被欺骗。
CVSS Information
N/A
Vulnerability Type
N/A