Bugs With URL Parsing Libraries Could Allow DoS, RCE, Spoofing & More

Cybersecurity researchers at Snyk and Team82 have recently identified multiple bugs in URL parsing libraries that could allow attackers to perform several kinds of attack, the most severe of which are:

- DoS (Denial-of-service)
- Remote code execution (RCE)
- Spoofing
- Data Breaches

These bugs also affect various web apps, and it is claimed that all of them arise from inconsistencies among the affected parsing libraries.

In total, 16 URL parsing libraries were analyzed, and eight vulnerabilities were found, occurring largely for the following reasons:

- Multiple Parsers in Use
- Specification Incompatibility

The eight vulnerabilities are:

- Flask-security (Python, CVE-2021-23385)
- Flask-security-too (Python, CVE-2021-32618)
- Flask-User (Python, CVE-2021-23401)
- Flask-unchained (Python, CVE-2021-23393)
- Belledonne’s SIP Stack (C, CVE-2021-33056)
- Video.js (JavaScript, CVE-2021-23414)
- Nagios XI (PHP, CVE-2021-37352)
- Clearance (Ruby, CVE-2021-23435)

URL Parsing Inconsistencies Discovered

In total, five categories of URL parsing inconsistencies were discovered:

- Scheme Confusion:

Read full article on GBHackers

 

