VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-gzng-b4gs-xfhg

Essentials
Severities (23)
References (18)
Severity details (16)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-gzng-b4gs-xfhg
Aliases	CVE-2018-3774 GHSA-pv4c-p2j5-38j4
Summary	Open Redirect in url-parse
Status	Published
Exploitability	0.5
Weighted Severity	9.0
Risk	4.5
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-425	Direct Request ('Forced Browsing')
CWE-20	Improper Input Validation
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3	7.5	http://0xahmed.ninja/
cvssv3	9.8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-3774.json
epss	0.01747	https://api.first.org/data/v1/epss?cve=CVE-2018-3774
epss	0.01747	https://api.first.org/data/v1/epss?cve=CVE-2018-3774
cvssv3.1_qr	CRITICAL	https://github.com/advisories/GHSA-pv4c-p2j5-38j4
cvssv3	7.5	https://github.com/nodejs/security-wg/blob/main/vuln/npm/456.json
cvssv3.1	10.0	https://github.com/unshiftio/url-parse
generic_textual	CRITICAL	https://github.com/unshiftio/url-parse
cvssv3.1	10.0	https://github.com/unshiftio/url-parse/commit/209c296d302317268afbe19700a70c63ecbeb2d2
generic_textual	CRITICAL	https://github.com/unshiftio/url-parse/commit/209c296d302317268afbe19700a70c63ecbeb2d2
cvssv3	7.5	https://github.com/unshiftio/url-parse/commit/53b1794e54d0711ceb52505e0f74145270570d5a
cvssv3.1	10.0	https://github.com/unshiftio/url-parse/commit/53b1794e54d0711ceb52505e0f74145270570d5a
generic_textual	CRITICAL	https://github.com/unshiftio/url-parse/commit/53b1794e54d0711ceb52505e0f74145270570d5a
cvssv3	7.5	https://github.com/unshiftio/url-parse/commit/d7b582ec1243e8024e60ac0b62d2569c939ef5de
cvssv3.1	10.0	https://github.com/unshiftio/url-parse/commit/d7b582ec1243e8024e60ac0b62d2569c939ef5de
generic_textual	CRITICAL	https://github.com/unshiftio/url-parse/commit/d7b582ec1243e8024e60ac0b62d2569c939ef5de
cvssv3.1	10.0	https://github.com/unshiftio/url-parse/compare/0.2.3...1.0.0
generic_textual	CRITICAL	https://github.com/unshiftio/url-parse/compare/0.2.3...1.0.0
cvssv3	7.5	https://hackerone.com/reports/384029
cvssv3.1	10.0	https://hackerone.com/reports/384029
generic_textual	CRITICAL	https://hackerone.com/reports/384029
cvssv3.1	10.0	https://nvd.nist.gov/vuln/detail/CVE-2018-3774
generic_textual	CRITICAL	https://nvd.nist.gov/vuln/detail/CVE-2018-3774

Reference id	Reference type	URL
		http://0xahmed.ninja/
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-3774.json
		https://api.first.org/data/v1/epss?cve=CVE-2018-3774
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3774
		https://github.com/unshiftio/url-parse
		https://github.com/unshiftio/url-parse/commit/209c296d302317268afbe19700a70c63ecbeb2d2
		https://github.com/unshiftio/url-parse/commit/53b1794e54d0711ceb52505e0f74145270570d5a
		https://github.com/unshiftio/url-parse/commit/d7b582ec1243e8024e60ac0b62d2569c939ef5de
		https://github.com/unshiftio/url-parse/compare/0.0.4...0.1.0
		https://github.com/unshiftio/url-parse/compare/0.2.3...1.0.0
		https://hackerone.com/reports/384029
1940759		https://bugzilla.redhat.com/show_bug.cgi?id=1940759
456		https://github.com/nodejs/security-wg/blob/main/vuln/npm/456.json
906058		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906058
CVE-2018-3774		https://nvd.nist.gov/vuln/detail/CVE-2018-3774
GHSA-pv4c-p2j5-38j4		https://github.com/advisories/GHSA-pv4c-p2j5-38j4
RHSA-2021:3917		https://access.redhat.com/errata/RHSA-2021:3917
USN-5973-1		https://usn.ubuntu.com/5973-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-3774.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Found at https://github.com/unshiftio/url-parse

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Found at https://github.com/unshiftio/url-parse/commit/209c296d302317268afbe19700a70c63ecbeb2d2

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Found at https://github.com/unshiftio/url-parse/commit/53b1794e54d0711ceb52505e0f74145270570d5a

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Found at https://github.com/unshiftio/url-parse/commit/d7b582ec1243e8024e60ac0b62d2569c939ef5de

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Found at https://github.com/unshiftio/url-parse/compare/0.2.3...1.0.0

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Found at https://hackerone.com/reports/384029

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2018-3774

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.82957
EPSS Score	0.01747
Published At	June 11, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-11T20:24:12.663104+00:00	GHSA Importer	Import	https://github.com/advisories/GHSA-pv4c-p2j5-38j4	38.6.0