CVE-2022-3224 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2022-3224

CVE-2022-3224

September 15, 2022

Misinterpretation of Input in GitHub repository ionicabizau/parse-url prior to 8.1.0.

Affected Packages

parse-url (NPM):

Affected version(s) >=0.0.1 <8.1.0

Fix Suggestion:

Update to version 8.1.0

Related Resources (5)

https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/3xxx/CVE-2022-3224.json

https://github.com/ionicabizau/parse-url/commit/9cacf38de02db0fb1358bd6ec04543e523cd6a8e

https://nvd.nist.gov/vuln/detail/CVE-2022-3224

https://huntr.dev/bounties/3587a567-7fcd-4702-b7c9-d9ca565e3c62

https://github.com/ionicabizau/parse-url

Do you need more information?

CVSS v4

Base Score:

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

LOW

Vulnerable System Integrity

HIGH

Vulnerable System Availability

HIGH

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Weakness Type (CWE)

Misinterpretation of Input

CWE-115

EPSS

Base Score:

0.32

Products

Solutions

Resources

Company

Compare

Developer Tools