Team82 Logo Claroty

Team82 White Paper

Exploiting URL Parsing Confusion

In Team82's joint research with Snyk, we examined 16 URL parsing libraries, written in a variety of programming languages, and noticed some inconsistencies with how each chooses to parse a given URL to its basic components. We categorized the types of inconsistencies into five categories, and searched for problematic code flows in web applications and open source libraries that exposed a number of vulnerabilities.

Share
Share

Recent Vulnerability Disclosures

Claroty
LinkedIn Twitter YouTube Facebook