Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-7k2e-h442-budm
Vulnerability ID VCID-7k2e-h442-budm
Aliases CVE-2021-3664
GHSA-hh27-ffr2-f2jc
Summary url-parse is vulnerable to URL Redirection to Untrusted Site
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3 5.3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3664.json
epss 0.00239 https://api.first.org/data/v1/epss?cve=CVE-2021-3664
epss 0.00239 https://api.first.org/data/v1/epss?cve=CVE-2021-3664
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-hh27-ffr2-f2jc
cvssv3.1 6.1 https://github.com/github/advisory-database/pull/6764
generic_textual MODERATE https://github.com/github/advisory-database/pull/6764
cvssv3.1 6.1 https://github.com/unshiftio/url-parse
generic_textual MODERATE https://github.com/unshiftio/url-parse
cvssv3.1 6.1 https://github.com/unshiftio/url-parse/commit/81ab967889b08112d3356e451bf03e6aa0cbb7e0
generic_textual MODERATE https://github.com/unshiftio/url-parse/commit/81ab967889b08112d3356e451bf03e6aa0cbb7e0
cvssv3.1 6.1 https://github.com/unshiftio/url-parse/issues/205
generic_textual MODERATE https://github.com/unshiftio/url-parse/issues/205
cvssv3.1 6.1 https://github.com/unshiftio/url-parse/issues/206
generic_textual MODERATE https://github.com/unshiftio/url-parse/issues/206
cvssv3.1 6.1 https://huntr.dev/bounties/1625557993985-unshiftio/url-parse
generic_textual MODERATE https://huntr.dev/bounties/1625557993985-unshiftio/url-parse
cvssv3.1 6.1 https://lists.debian.org/debian-lts-announce/2023/02/msg00030.html
generic_textual MODERATE https://lists.debian.org/debian-lts-announce/2023/02/msg00030.html
cvssv3.1 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-3664
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2021-3664
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3664.json
https://api.first.org/data/v1/epss?cve=CVE-2021-3664
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3664
https://github.com/github/advisory-database/pull/6764
https://github.com/unshiftio/url-parse
https://github.com/unshiftio/url-parse/commit/81ab967889b08112d3356e451bf03e6aa0cbb7e0
https://github.com/unshiftio/url-parse/issues/205
https://github.com/unshiftio/url-parse/issues/206
https://huntr.dev/bounties/1625557993985-unshiftio/url-parse
https://lists.debian.org/debian-lts-announce/2023/02/msg00030.html
https://nvd.nist.gov/vuln/detail/CVE-2021-3664
1989389 https://bugzilla.redhat.com/show_bug.cgi?id=1989389
991577 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991577
GHSA-hh27-ffr2-f2jc https://github.com/advisories/GHSA-hh27-ffr2-f2jc
USN-5973-1 https://usn.ubuntu.com/5973-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3664.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/github/advisory-database/pull/6764
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/unshiftio/url-parse
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/unshiftio/url-parse/commit/81ab967889b08112d3356e451bf03e6aa0cbb7e0
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/unshiftio/url-parse/issues/205
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/unshiftio/url-parse/issues/206
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://huntr.dev/bounties/1625557993985-unshiftio/url-parse
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://lists.debian.org/debian-lts-announce/2023/02/msg00030.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2021-3664
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.47251
EPSS Score 0.00239
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-11T20:28:37.854943+00:00 Debian Oval Importer Import https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0