Fedorindutny Ip vulnerabilities
2 known vulnerabilities affecting fedorindutny/ip.
Total CVEs: 2
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1
Vulnerabilities
CVE-2024-29415 | HIGH | CVSS 8.1 | PoC | ≤ 2.0.1 | 2024-05-27
CVE-2024-29415 [HIGH] CWE-918
The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282.
Sources: GHSA, NVD, OSV
CVE-2023-42282 | CRITICAL | CVSS 9.8 | fixed in 1.1.9 | v2.0.0 | 2024-02-08
CVE-2023-42282 [CRITICAL] CWE-918
The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic.
Sources: GHSA, NVD, OSV