CVE-2023-42282
CVE-2023-42282
The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.htmlhttps://github.com/indutny/node-ip/commit/6a3ada9b471b09d5f0f5be264911ab564bf67894https://huntr.com/bounties/bfc3b23f-ddc0-4ee7-afab-223b07115ed3/https://security.netapp.com/advisory/ntap-20240315-0008/https://www.bleepingcomputer.com/news/security/dev-rejects-cve-severity-makes-his-github-repo-read-only/