It was discovered that url-parse incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to cause a
denial of service, or to perform a server-side request forgery attack or open
redirect attack. (CVE-2018-3774)
It was discovered that url-parse incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to bypass input
validation. This issue was only fixed in Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2020-8124)
Yaniv Nizry discovered that url-parse incorrectly handled certain inputs.
If a user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to cause a
denial of service, or to perform a server-side request forgery attack or open
redirect attack. This issue was only fixed in Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2021-27515)
It was discovered that url-parse incorrectly handled certain inputs.
If a user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to cause a
denial of service, or to perform a server-side request forgery attack or open
redirect attack. This issue was only fixed in Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2021-3664)
It was discovered that url-parse incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to bypass
authorization. This issue was only fixed in Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2022-0512, CVE-2022-0639, CVE-2022-0691)
Rohan Sharma discovered that url-parse incorrectly handled certain inputs.
If a user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to bypass
authorization. This issue was only fixed in Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2022-0686)
More Stories
USN-6700-1: Linux kernel vulnerabilities
It was discovered that the Layer 2 Tunneling Protocol (L2TP) implementation in the Linux kernel contained a race condition when...
USN-6701-1: Linux kernel vulnerabilities
Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI...
w3m-0.5.3-63.git20230121.el7
FEDORA-EPEL-2024-5253d48b14 Packages in this update: w3m-0.5.3-63.git20230121.el7 Update description: Added upstream patch to fix out-of-bounds access due to multiple backspaces to...
w3m-0.5.3-63.git20230121.el8
FEDORA-EPEL-2024-bf31852fe0 Packages in this update: w3m-0.5.3-63.git20230121.el8 Update description: Added upstream patch to fix out-of-bounds access due to multiple backspaces to...
w3m-0.5.3-63.git20230121.el9
FEDORA-EPEL-2024-0398ebbbfa Packages in this update: w3m-0.5.3-63.git20230121.el9 Update description: Added upstream patch to fix out-of-bounds access due to multiple backspaces to...
w3m-0.5.3-63.git20230121.fc38
FEDORA-2024-38c2261ca0 Packages in this update: w3m-0.5.3-63.git20230121.fc38 Update description: Added upstream patch to fix out-of-bounds access due to multiple backspaces to...