Debian Node-Ip vulnerabilities

4 known vulnerabilities affecting debian/node-ip.

Total CVEs: 4
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 2, LOW 2

Vulnerabilities

CVE-2025-59437 | LOW | CVSS 8.1 | 2025
CVE-2025-59437 [HIGH] node-ip: The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF because the IP address value 0 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2024-29415. NOTE: in current versions of several applications, connection attempts to the IP address 0 (interpreted as 0.0.0.0) are blocked with e
debian
CVE-2025-59436 | LOW | CVSS 8.1 | 2025
CVE-2025-59436 [HIGH] node-ip: The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF because the IP address value 017700000001 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2024-29415. Scope: local. bookworm: resolved; bullseye: resolved; forky: open; sid: open; trixie: open
debian
CVE-2024-29415 | CRITICAL | CVSS 9.8 | PoC | fixed in node-ip 2.0.1+~1.1.3-3 (forky) | 2024
CVE-2024-29415 [CRITICAL] node-ip: The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282. Scope: local. bookworm: open; bullseye: open; forky: resolved (fixed i
debian
CVE-2023-42282 | CRITICAL | CVSS 9.8 | fixed in node-ip 2.0.1+~1.1.3-1 (forky) | 2023
CVE-2023-42282 [CRITICAL] node-ip: The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic. Scope: local. bookworm: open; bullseye: open; forky: resolved (fixed in 2.0.1+~1.1.3-1); sid: resolved (fixed in 2.0.1+~1.1.3-1); trixie: resolved (fixed in 2.0.1+~1.1.3-1)
debian