{"url":"http://public2.vulnerablecode.io/api/packages/60955?format=json","purl":"pkg:npm/url-js@2.1.0","type":"npm","namespace":"","name":"url-js","version":"2.1.0","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42628?format=json","vulnerability_id":"VCID-u6c9-pqta-s3ca","summary":"Improper Input Validation in url-js\nThe package url-js before 2.1.0 is vulnerable to Improper Input Validation due to improper parsing, which makes it possible for the hostname to be spoofed. http://\\\\\\\\\\\\\\\\localhost and http://localhost are the same URL. However, the hostname is not parsed as localhost, and the backslash is reflected as it is.","references":[{"reference_url":"https://github.com/duzun/URL.js/commit/9dc9fcc99baa4cbda24403d81a589e9b0f4121d0","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/duzun/URL.js/commit/9dc9fcc99baa4cbda24403d81a589e9b0f4121d0"},{"reference_url":"https://snyk.io/vuln/SNYK-JS-URLJS-2414030","reference_id":"","reference_type":"","scores":[],"url":"https://snyk.io/vuln/SNYK-JS-URLJS-2414030"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25839","reference_id":"CVE-2022-25839","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25839"},{"reference_url":"https://github.com/advisories/GHSA-rf54-44jr-q5vf","reference_id":"GHSA-rf54-44jr-q5vf","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-rf54-44jr-q5vf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60955?format=json","purl":"pkg:npm/url-js@2.1.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/url-js@2.1.0"}],"aliases":["CVE-2022-25839","GHSA-rf54-44jr-q5vf"],"risk_score":null,"exploitability":null,"weighted_
severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u6c9-pqta-s3ca"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/url-js@2.1.0"}