2020-02-04 19:08:56
hackerone
PUBLISHED
Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks.