Bug 1989389 (CVE-2021-3664)
Summary: | CVE-2021-3664 nodejs-url-parse: URL Redirection to Untrusted Site | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Dhananjay Arunesh <darunesh> |
Component: | vulnerability | Assignee: | Nobody <nobody> |
Status: | NEW --- | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | aileenc, alazarot, anpicker, anstephe, aos-bugs, bdettelb, bmontgom, caswilli, chazlett, emingora, eparis, fjansen, gmalinko, gparvin, ibek, janstey, jburrell, jochrist, jrokos, jross, jwendell, jwon, kaycoth, kverlaen, mnovotny, nstielau, pjindal, rcernich, rfreiman, rgodfrey, rguimara, spasquie, sponnaga, stcannon, tcarlin, tomckay, twalsh, vmugicag |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | url-parse 1.5.2 | Doc Type: | No Doc Update |
Doc Text: |
An input validation flaw was found in the nodejs url-parse library, which incorrectly parses a URL that contains backslashes. This flaw allows an attacker to specify a relative URL and cause the browser to redirect to a malicious website. The highest threat from this vulnerability is to integrity. Related vulnerability is CVE-2021-27515.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | Type: | --- | |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1992093, 1992094, 1992095, 1992783, 1992784, 1992785, 1992786, 1992787, 1992819, 1995342 | ||
Bug Blocks: | 1989390 |
Description
Dhananjay Arunesh
2021-08-03 06:16:35 UTC
Upstream fix: https://github.com/unshiftio/url-parse/pull/208 This vulnerability is exactly like CVE-2021-27515. The fix looks like a incomplete fix for CVE-2021-27515 (https://github.com/unshiftio/url-parse/pull/197/files). This is only pulled in by default with the webpack-dev-server. We don't actually use the url-parse package in our application. Is there anything else we need to do with this? |