VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-bs8v-khzf-9qad

Essentials
Severities (16)
References (14)
Severity details (14)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-bs8v-khzf-9qad
Aliases	CVE-2022-0686 GHSA-hgjh-723h-mx2j
Summary	Authorization Bypass Through User-Controlled Key in url-parse
Status	Published
Exploitability	0.5
Weighted Severity	9.0
Risk	4.5
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-639	Authorization Bypass Through User-Controlled Key
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3	9.1	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0686.json
epss	0.00101	https://api.first.org/data/v1/epss?cve=CVE-2022-0686
epss	0.00101	https://api.first.org/data/v1/epss?cve=CVE-2022-0686
cvssv3.1_qr	CRITICAL	https://github.com/advisories/GHSA-hgjh-723h-mx2j
cvssv3.1	9.1	https://github.com/unshiftio/url-parse
generic_textual	CRITICAL	https://github.com/unshiftio/url-parse
cvssv3.1	9.1	https://github.com/unshiftio/url-parse/commit/d5c64791ef496ca5459ae7f2176a31ea53b127e5
generic_textual	CRITICAL	https://github.com/unshiftio/url-parse/commit/d5c64791ef496ca5459ae7f2176a31ea53b127e5
cvssv3.1	9.1	https://huntr.dev/bounties/55fd06cd-9054-4d80-83be-eb5a454be78c
generic_textual	CRITICAL	https://huntr.dev/bounties/55fd06cd-9054-4d80-83be-eb5a454be78c
cvssv3.1	9.1	https://lists.debian.org/debian-lts-announce/2023/02/msg00030.html
generic_textual	CRITICAL	https://lists.debian.org/debian-lts-announce/2023/02/msg00030.html
cvssv3.1	9.1	https://nvd.nist.gov/vuln/detail/CVE-2022-0686
generic_textual	CRITICAL	https://nvd.nist.gov/vuln/detail/CVE-2022-0686
cvssv3.1	9.1	https://security.netapp.com/advisory/ntap-20220325-0006
generic_textual	CRITICAL	https://security.netapp.com/advisory/ntap-20220325-0006

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0686.json
		https://api.first.org/data/v1/epss?cve=CVE-2022-0686
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0686
		https://github.com/unshiftio/url-parse
		https://github.com/unshiftio/url-parse/commit/d5c64791ef496ca5459ae7f2176a31ea53b127e5
		https://huntr.dev/bounties/55fd06cd-9054-4d80-83be-eb5a454be78c
		https://lists.debian.org/debian-lts-announce/2023/02/msg00030.html
		https://security.netapp.com/advisory/ntap-20220325-0006
		https://security.netapp.com/advisory/ntap-20220325-0006/
2060018		https://bugzilla.redhat.com/show_bug.cgi?id=2060018
CVE-2022-0686		https://nvd.nist.gov/vuln/detail/CVE-2022-0686
GHSA-hgjh-723h-mx2j		https://github.com/advisories/GHSA-hgjh-723h-mx2j
RHSA-2022:6429		https://access.redhat.com/errata/RHSA-2022:6429
USN-5973-1		https://usn.ubuntu.com/5973-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0686.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://github.com/unshiftio/url-parse

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://github.com/unshiftio/url-parse/commit/d5c64791ef496ca5459ae7f2176a31ea53b127e5

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://huntr.dev/bounties/55fd06cd-9054-4d80-83be-eb5a454be78c

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://lists.debian.org/debian-lts-announce/2023/02/msg00030.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-0686

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://security.netapp.com/advisory/ntap-20220325-0006

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.27422
EPSS Score	0.00101
Published At	June 11, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-11T20:28:19.811035+00:00	GHSA Importer	Import	https://github.com/advisories/GHSA-hgjh-723h-mx2j	38.6.0