-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ----------------------------------------------------------------------- Debian LTS Advisory DLA-4413-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta December 16, 2025 https://wiki.debian.org/LTS - -----------------------------------------------------------------------
Package : node-url-parse Version : 1.5.3-1+deb11u3 CVE ID : CVE-2022-0639 It was found that in node-url-parse, a Node.js module used to parse URLs, an incorrect conversion of `@` characters in protocol in the `href` field can lead to lead to failure to properly identify the hostname, which in turn could result in authorization bypass. For Debian 11 bullseye, this problem has been fixed in version 1.5.3-1+deb11u3. We recommend that you upgrade your node-url-parse packages. For the detailed security status of node-url-parse please refer to its security tracker page at: https://security-tracker.debian.org/tracker/node-url-parse Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmlBb14ACgkQgj6WdgbD S5YruA/9GDLJunpo4uvbwYVbt0PMtVSNGNcrceCVLDsZdzd3zbSpnPGzcXyRrab8 /Sf+EQgj/36xWNiAAyauz0ZufQNIAiX7fFbVnls0iAYq7hboRxHUrvrv0Z0+vfJk TG6hxUQtQ5ihRyboTt++Wi+uPx8CgwmAiTOAdGLCjS66javHzFF9+8o0ZXjBBIsr LpFsEHsfHeSOuu+yMeLx1Qi+8/sFGOew2oe+7c7E+nMuoCkAPyc606w/ZEFHMRay VwEgtnsjsRSptO9PgWN3KGUxq4xeoMIq7eVtWpPIGP+Qp27veuGQ0uCCFw97qGXJ +dWpz0N6h/4zsWtrm2mkN+wLeqsaawJuMY74CjojavdpV8jt3oFKH80YaW5u6BS+ ejDcm6pFsLHlddhykh4HfToK2RtKfEygsO4yR6iCLeb1PWQdr9WtU5wBIZs9EQY+ nt7FGwXIuFlB14Q4Gyp9R02FoZxIFtphjD6kXxSWZEp2sEa9940xRctxT0hFhHsm bwka1tNiwUrC09TTCPg28bHD1hIAzO5ddVVMMtiGx3wllgQGAeIn9nm3MxHoaGya 9YkYhqDU93ewRQmO/zbIla7oX66LXiVYei7GTRRTRvj9Ly+bfFwZf1GYQErxpfIA CnIKCuvaqu1B04Db3Iz1iwwbYYhJaLIPwDC8m0Pb6lBw28e1Y/c= =gjQh -----END PGP SIGNATURE-----
