CVE-2018-3774
Open Redirect vulnerability in url-parse (npm)

Open Redirect | No known exploit | Fixable by Resolved Security

What is CVE-2018-3774 About?

Versions of `url-parse` before 1.4.3 return an incorrect hostname for some URLs. This can lead to Open Redirect, Server-Side Request Forgery (SSRF), or authentication bypass. Whether it is exploitable depends on how the application subsequently uses the parsed URL.

Affected Software

url-parse <1.4.3

Technical Details

In url-parse versions prior to 1.4.3, the library incorrectly parses and returns the hostname component of specially crafted URLs. When an application acts on the incorrectly parsed hostname, it might redirect users to an attacker-controlled site (Open Redirect), make arbitrary requests to internal network resources (SSRF), or bypass intended authentication mechanisms. The root cause is flawed hostname extraction logic, which can be manipulated so that the returned hostname points to an unexpected or attacker-chosen domain.

What is the Impact of CVE-2018-3774?

Successful exploitation may allow attackers to redirect users to malicious sites, access internal network resources, or bypass authentication controls.

What is the Exploitability of CVE-2018-3774?

Exploitation of this vulnerability is of moderate complexity and requires remote access. It typically involves crafting a malicious URL that, when parsed by the vulnerable url-parse library, produces an incorrect hostname. No direct authentication is required for the initial URL parsing itself, but the impact (e.g., SSRF or authentication bypass) might depend on the context in which the application uses the parsed URL. The primary prerequisite is that the application uses url-parse and relies on its hostname output for security-sensitive operations. The risk is elevated in applications that process arbitrary URLs provided by users and then make network requests or enforce access controls based on the parsed hostname.

What are the Known Public Exploits?

No known exploits.

What are the Available Fixes for CVE-2018-3774?

A Fix by Resolved Security Exists!

Available Upgrade Options

  • url-parse
    • <1.4.3 → Upgrade to 1.4.3
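
To confirm which installed copies still fall in the affected range, the following Node.js script (an added example, not part of the advisory and not Resolved Security's code) checks an npm lockfile for url-parse versions below 1.4.3, including copies nested under other packages. The function names and the sample lockfile are constructed for illustration.

```javascript
// Added example: flag url-parse installs below the fixed release, 1.4.3.
const FIXED = [1, 4, 3];

// Parse "major.minor.patch[-prerelease]"; null for git/file/tarball specs.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(v || ""));
  return m ? { nums: [+m[1], +m[2], +m[3]], pre: Boolean(m[4]) } : null;
}

// True when the version sorts before 1.4.3 (a 1.4.3 pre-release is treated as affected).
function isAffected(version) {
  const p = parseVersion(version);
  if (!p) return false;
  for (let i = 0; i < 3; i++) {
    if (p.nums[i] !== FIXED[i]) return p.nums[i] < FIXED[i];
  }
  return p.pre;
}

// Covers flat "packages" keys (lockfileVersion 2/3) and nested "dependencies" (v1).
function findAffectedUrlParse(lock) {
  const hits = new Map(); // install path -> version, de-duplicated across layouts
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path.endsWith("node_modules/url-parse") && isAffected(meta.version)) hits.set(path, meta.version);
  }
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === "url-parse" && isAffected(meta.version)) hits.set(path, meta.version);
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, "");
  return [...hits.keys()].sort().map((path) => ({ path, version: hits.get(path) }));
}

// Constructed sample lockfile; "legacy-client" and "old-proxy" are made-up names.
const SAMPLE_LOCK = {
  packages: {
    "node_modules/url-parse": { version: "1.4.7" },
    "node_modules/legacy-client/node_modules/url-parse": { version: "1.2.0" },
  },
  dependencies: {
    "url-parse": { version: "1.4.7" },
    "legacy-client": { version: "0.9.1", dependencies: { "url-parse": { version: "1.2.0" } } },
    "old-proxy": { version: "2.0.0", dependencies: { "url-parse": { version: "1.4.3-beta.1" } } },
  },
};
console.log(findAffectedUrlParse(SAMPLE_LOCK));
```

To use it on a real project, pass the parsed contents of `package-lock.json` to `findAffectedUrlParse`; versions given as git or file references are not evaluated and need a manual check.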

Additional Resources

What are Similar Vulnerabilities to CVE-2018-3774?

Similar Vulnerabilities: CVE-2022-2900, CVE-2021-41223, CVE-2020-14002, CVE-2019-17565, CVE-2017-1000046