Bug 2102863 (CVE-2022-2217) - CVE-2022-2217 npm: XSS in parse-url
Summary: CVE-2022-2217 npm: XSS in parse-url
Keywords:
Status: NEW
Alias: CVE-2022-2217
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2107000
Blocks: 2102865
 
Reported: 2022-06-30 20:49 UTC by Sage McTaggart
Modified: 2023-07-21 22:26 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A cross-site-scripting (XSS) flaw was found in the parse-url package of npm. This issue could allow an attacker to use escape characters to run malicious JavaScript code on a webpage that was generated by the affected package. The highest impact is to integrity and confidentiality.
Clone Of:
Environment:
Last Closed:
Embargoed:



Description Sage McTaggart 2022-06-30 20:49:10 UTC
Cross-site Scripting (XSS) - Generic in GitHub repository ionicabizau/parse-url prior to 7.0.0.

https://github.com/ionicabizau/parse-url/commit/21c72ab9412228eea753e2abc48f8962707b1fe3
https://huntr.dev/bounties/4e046c63-b1ca-4bcc-b418-29796918a71b

