[security] Add credits for incorrect handling of userinfo vulnerability
lpinca committed Feb 13, 2022
1 parent 4c9fa23 commit e6fa434
Showing 1 changed file with 8 additions and 0 deletions.
8 changes: 8 additions & 0 deletions SECURITY.md
Expand Up @@ -33,6 +33,14 @@ acknowledge your responsible disclosure, if you wish.

## History

> Incorrect handling of username and password can lead to authorization bypass.
- **Reporter credits**
- ranjit-git
- GitHub: [@ranjit-git](https://github.com/ranjit-git)
- Huntr report: https://www.huntr.dev/bounties/6d1bc51f-1876-4f5b-a2c2-734e09e8e05b/
- Fixed in: 1.5.6

> url-parse mishandles certain uses of a single (back) slash such as https:\ &
> https:/ and interprets the URI as a relative path. Browsers accept a single
> backslash after the protocol, and treat it as a normal slash, while url-parse
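
Review bot: the description line of the new History entry ("Incorrect handling of username and password can lead to authorization bypass.") does not say which input is mishandled, unlike the entry that follows it, which names the triggering forms (`https:\` and `https:/`). A reader deciding whether their usage is affected has to open the Huntr report to find out. Consider adding one sentence describing the userinfo form that was parsed incorrectly, and linking the fixing commit or release next to "Fixed in: 1.5.6" so the entry stays useful if the external report moves. Minor style point: the Huntr URL is bare while the GitHub profile on the line above uses Markdown link syntax; pick one form for both.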
