Debian Node-Ip vulnerabilities
2 known vulnerabilities affecting debian/node-ip.
Total CVEs
2
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL2
Vulnerabilities
Page 1 of 1
CVE-2024-29415P2CRITICALCVSS 9.8PoCfixed in node-ip 2.0.1+~1.1.3-3 (forky)2024
CVE-2024-29415 [CRITICAL] CVE-2024-29415: node-ip - The ip package through 2.0.1 for Node.js might allow SSRF because some IP addres...
The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282.
Scope: local
bookworm: open
bullseye: open
forky: resolved (fixed i
debian
CVE-2023-42282P3CRITICALCVSS 9.8fixed in node-ip 2.0.1+~1.1.3-1 (forky)2023
CVE-2023-42282 [CRITICAL] CVE-2023-42282: node-ip - The ip package before 1.1.9 for Node.js might allow SSRF because some IP address...
The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic.
Scope: local
bookworm: open
bullseye: open
forky: resolved (fixed in 2.0.1+~1.1.3-1)
sid: resolved (fixed in 2.0.1+~1.1.3-1)
trixie: resolved (fixed in 2.0.1+~1.1.3-1)
debian