A vulnerability was found in nodejs-url-parse where url-parse is vulnerable to URL Redirection to Untrusted Site. References: https://github.com/unshiftio/url-parse/commit/81ab967889b08112d3356e451bf03e6aa0cbb7e0
Upstream fix: https://github.com/unshiftio/url-parse/pull/208
This vulnerability is exactly like CVE-2021-27515. The fix looks like a incomplete fix for CVE-2021-27515 (https://github.com/unshiftio/url-parse/pull/197/files).
This is only pulled in by default with the webpack-dev-server. We don't actually use the url-parse package in our application. Is there anything else we need to do with this?