Description
Authorization Bypass Through User-Controlled Key in GitHub repository ionicabizau/parse-path prior to 5.0.0.
References (2)
Core 2
Core References
Exploit, Patch, Third Party Advisory x_refsource_confirm
https://huntr.dev/bounties/afffb2bd-fb06-4144-829e-ecbbcbc85388
Patch, Third Party Advisory x_refsource_misc
https://github.com/ionicabizau/parse-path/commit/f9ad8856a3c8ae18e1cf4caef5edbabbc42840e8
Scores
CVSS v3
7.3
EPSS
0.0013
EPSS Percentile
31.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-639
Status
published
Products (2)
npm/parse-path
0 - 5.0.0npm
parse-path_project/parse-path
< 5.0.0
Published
Jun 28, 2022
Tracked Since
Feb 18, 2026