Description
The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic.
References
- Exploit, Third Party Advisory
- Patch
- Exploit, Technical Description
- Third Party Advisory
- Press/Media Coverage
Vulnerable configurations
Configuration 1
Versions before 1.1.9 (exclusive)
One of
cpe:2.3:a:fedorindutny:ip:*:*:*:*:*:node.js:*:*
cpe:2.3:a:fedorindutny:ip:2.0.0:*:*:*:*:node.js:*:*
EPSS: 0.00539 (Low)
Percentile: 67%
CVSS3: 9.8 Critical
Weaknesses
CWE-918
Related vulnerabilities
CVSS3: 9.8
ubuntu
almost 2 years ago
The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic.
CVSS3: 9.8
redhat
almost 2 years ago
The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic.
CVSS3: 9.8
debian
almost 2 years ago
The ip package before 1.1.9 for Node.js might allow SSRF because some ...
github
almost 2 years ago
NPM IP package incorrectly identifies some private IP addresses as public