From 78e9f2f41285d83e7d91706be5bd439656fe3bc3 Mon Sep 17 00:00:00 2001 From: Luigi Pinca Date: Sun, 13 Feb 2022 20:40:49 +0100 Subject: [PATCH] [security] Fix nits --- SECURITY.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index f3e7892..af05717 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -41,14 +41,16 @@ acknowledge your responsible disclosure, if you wish. - Huntr report: https://www.huntr.dev/bounties/6d1bc51f-1876-4f5b-a2c2-734e09e8e05b/ - Fixed in: 1.5.6 +--- + > url-parse mishandles certain uses of a single (back) slash such as https:\ & > https:/ and interprets the URI as a relative path. Browsers accept a single > backslash after the protocol, and treat it as a normal slash, while url-parse > sees it as a relative path. - **Reporter credits** - - Ready-Research - - GitHub: [@Ready-Reserach](https://github.com/ready-research) + - ready-research + - GitHub: [@ready-research](https://github.com/ready-research) - Huntr report: https://www.huntr.dev/bounties/1625557993985-unshiftio/url-parse/ - Fixed in: 1.5.2
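Review bot: the `---` added after the `- Fixed in: 1.5.6` line needs a blank line on both sides so that Markdown renders it as a thematic break between the two advisories rather than as a setext heading underline. The hunk shows a blank `+` line after it, but the flattened context does not show whether one precedes it, so please confirm in the rendered file. If SECURITY.md lists further advisories outside this hunk, add the same separator between them in this commit so the history section stays uniform. The reporter-credit change at the end of the hunk is fine: it corrects the misspelled link text `@Ready-Reserach`, and the link target `https://github.com/ready-research` is unchanged. The subject "Fix nits" would be easier to find in the log if it named both changes, the separator and the reporter-handle spelling.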