exploitDog

GHSA-62ww-4cxc-jj93

Опубликовано: 11 мар. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 2.9

Описание

The ip-utils package through 2.4.0 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via a falsy isPrivate return value.

The ip-utils package through 2.4.0 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via a falsy isPrivate return value.

Ссылки

EPSS

Процентиль: 3%

0.00015

Низкий

2.9 Low

CVSS3

CVE ID

Дефекты

CWE-180

Связанные уязвимости

CVE-2024-28607

CVSS3: 2.9

nvd

11 месяцев назад

The ip-utils package through 2.4.0 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via a falsy isPrivate return value.

EPSS

Процентиль: 3%

0.00015

Низкий

2.9 Low

CVSS3

CVE ID

Дефекты

CWE-180