We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see ourdocumentation.
There was an error while loading.Please reload this page.
1 parent4c9fa23 commite6fa434Copy full SHA for e6fa434
SECURITY.md
@@ -33,6 +33,14 @@ acknowledge your responsible disclosure, if you wish.
33
34
##History
35
36
+>Incorrect handling of username and password can lead to authorization bypass.
37
+
38
+-**Reporter credits**
39
+- ranjit-git
40
+- GitHub:[@ranjit-git](https://github.com/ranjit-git)
41
+- Huntr report:https://www.huntr.dev/bounties/6d1bc51f-1876-4f5b-a2c2-734e09e8e05b/
42
+- Fixed in: 1.5.6
43
44
>url-parse mishandles certain uses of a single (back) slash such as https:\ &
45
>https:/ and interprets the URI as a relative path. Browsers accept a single
46
>backslash after the protocol, and treat it as a normal slash, while url-parse