Package: node-url-parse / 1.2.0-2+deb10u1

Metadata

Package Version Patches format
node-url-parse 1.2.0-2+deb10u1 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
CVE 2018 3774.diff | (download)

index.js | 9 8 + 1 - 0 !
test/test.js | 22 22 + 0 - 0 !
2 files changed, 30 insertions(+), 1 deletion(-)

 
 fix for cve-2018-3774
CVE 2020 8124.diff | (download)

index.js | 18 17 + 1 - 0 !
test/test.js | 17 17 + 0 - 0 !
2 files changed, 34 insertions(+), 1 deletion(-)

 
 fix cve 2020-8124
 Insufficient validation and sanitization of user input exists in url-parse
 npm package version 1.4.4 and earlier may allow attacker to bypass security
 checks.