node-url-parse 1.4.7-3ubuntu0.1 source package in Ubuntu
Changelog
node-url-parse (1.4.7-3ubuntu0.1) focal-security; urgency=medium
* SECURITY UPDATE: Authorization Bypass
- debian/patches/CVE-2022-0512[1-7].patch: fixed improper input handeling
in node-url-parse for input containing the at sign.
- debian/patches/CVE-2022-0639[1-2].patch: fixed improper input handeling
in node-url-parse in toString function.
- debian/patches/CVE-2022-0686[1-7].patch: fixed improper input handeling
in node-url-parse when input contains specified but empty port.
- debian/patches/CVE-2022-0691[1-2].patch: fixed improper input handeling
in node-url-parse for input containing URL beginning with control
characters.
- CVE-2022-0512
- CVE-2022-0639
- CVE-2022-0686
- CVE-2022-0691
* SECURITY UPDATE: Open Redirect, SSRF, and DoS
- debian/patches/CVE-2021-27515.patch: fixed improper input handeling
in node-url-parse for input containing backslash.
- debian/patches/CVE-2021-3664[1-5].patch: fixed improper input handeling
in node-url-parse for input containing backslash.
- CVE-2021-27515
- CVE-2021-3664
-- Amir Naseredini <email address hidden> Thu, 23 Mar 2023 12:49:27 +0000
Upload details
- Uploaded by:
- Amir Naseredini
- Uploaded to:
- Focal
- Original maintainer:
- Ubuntu Developers
- Architectures:
- all
- Section:
- javascript
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section | |
|---|---|---|---|---|
| Focal | updates | universe | misc | |
| Focal | security | universe | misc |
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| node-url-parse_1.4.7.orig.tar.gz | 14.9 KiB | 5167b48dac951d0df980b8c460a15ca0eb000ca618e40c6f797dc1954c4c35c2 |
| node-url-parse_1.4.7-3ubuntu0.1.debian.tar.xz | 33.7 KiB | 1db4541b93d4394fe848ec7944e05368cb9aa4838bce6ea24d0ca98729f545ba |
| node-url-parse_1.4.7-3ubuntu0.1.dsc | 2.2 KiB | 8c73f7b5f563fc3515c40ded2b1c108f28a1c9eaee744af82e85c644e7058498 |
Available diffs
Binary packages built by this source
- node-url-parse: Parse URL in node using the URL module and in the browser using the DOM
The url-parse method exposes two different API interfaces. The url interface
that you know from Node.js and the new URL interface that is available in
the latest browsers.
.
Since 0.1 we've moved away from using the DOM's <a> element for URL parsing
and moving to a full Regular Expression solution. The main reason for this
change is to make the URL parser available in different JavaScript
environments as you don't always have access to the DOM like Worker
environments. This module still have a really small foot print as this
module's main intention is to be bundled with client-side code. The only
problem however with a RegExp based solution is that it required a lot of
lookups causing major problems in FireFox. So the last and the current
solution was a pure string parsing solution which chops up the URL in
smaller pieces.
.
Node.js is an event-based server-side JavaScript engine.
