Description
The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic.
A vulnerability was found in the NPM IP Package. This flaw allows an attacker to perform arbitrary code execution and obtain sensitive information via the isPublic() function by inducing a Server-Side Request Forgery (SSRF) attack and obtaining access to normally inaccessible resources.
Statement
It appears that npm does not utilize the bundled code; therefore Red Hat Enterprise Linux is not affected by this vulnerability. While the vulnerability in the NPM IP Package presents a significant security concern, it is categorized as important rather than critical due to several factors. Firstly, the misclassification of the private IP address 0x7f.1 as public by the isPublic() function does not directly lead to remote code execution or unauthorized access to critical systems. Instead, it facilitates SSRF attacks, which typically require additional conditions to fully exploit, such as the ability to influence server-side requests and responses. Additionally, the impact of SSRF attacks can vary depending on the specific environment and configuration of the affected system. While SSRF attacks can potentially lead to data exposure, service disruption, or lateral movement within a network, their severity is often mitigated by factors such as network segmentation, access controls, and the availability of sensitive resources. Red Hat Developer Hub contains a fix in version 1.1-91.
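The misclassification described above stems from an IPv4 spelling (hex octets, short dotted forms, a single integer) that resolvers accept but a textual private-range check does not recognise. The following is an added example, not code from the ip package or from Red Hat: it canonicalizes such spellings under inet_aton rules before checking private ranges, and assumes the server-side HTTP client interprets addresses the same way; unparseable input is treated as not allowed.

```javascript
// Parse one dotted part the way inet_aton does: 0x.. hex, leading-0 octal, else decimal.
function parseIPv4Part(part) {
  if (/^0[xX][0-9a-fA-F]+$/.test(part)) return parseInt(part.slice(2), 16);
  if (/^0[0-7]*$/.test(part)) return parseInt(part, 8);
  if (/^[1-9][0-9]*$/.test(part)) return parseInt(part, 10);
  return NaN;
}

// Return the canonical dotted quad for an inet_aton-accepted spelling (1 to 4 parts,
// the last part filling the remaining bytes), or null if the text is not one.
function canonicalizeIPv4(addr) {
  const parts = addr.split('.');
  if (parts.length < 1 || parts.length > 4) return null;
  const nums = parts.map(parseIPv4Part);
  if (nums.some(Number.isNaN)) return null;
  const last = nums.pop();                 // covers the remaining 4 - nums.length bytes
  if (nums.some((n) => n > 255)) return null;
  const tailBytes = 4 - nums.length;
  if (last >= 2 ** (8 * tailBytes)) return null;
  const bytes = [...nums];
  for (let i = tailBytes - 1; i >= 0; i--) bytes.push((last >>> (8 * i)) & 0xff);
  return bytes.join('.');
}

// Well-known non-public IPv4 ranges (assumed list; extend to suit your deployment).
const PRIVATE_RANGES = [
  ['0.0.0.0', 8], ['10.0.0.0', 8], ['100.64.0.0', 10], ['127.0.0.0', 8],
  ['169.254.0.0', 16], ['172.16.0.0', 12], ['192.168.0.0', 16],
];

function toInt(quad) {
  return quad.split('.').reduce((acc, octet) => acc * 256 + Number(octet), 0);
}

// Canonicalize first, then compare against the ranges; fail closed on parse failure.
function isPrivateIPv4(addr) {
  const canon = canonicalizeIPv4(addr);
  if (canon === null) return true;
  const ip = toInt(canon);
  return PRIVATE_RANGES.some(([net, bits]) => {
    const mask = (0xffffffff << (32 - bits)) >>> 0;
    return ((ip & mask) >>> 0) === ((toInt(net) & mask) >>> 0);
  });
}

// A purely textual check, shown for contrast: it never sees 0x7f.1 as loopback.
function naiveIsPrivate(addr) {
  return /^(0\.|10\.|127\.|169\.254\.|172\.(1[6-9]|2\d|3[01])\.|192\.168\.)/.test(addr);
}
```

With this, `isPrivateIPv4('0x7f.1')` is true while `naiveIsPrivate('0x7f.1')` is false, which is the gap the CVE describes.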
Mitigation
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Logging Subsystem for Red Hat OpenShift | openshift-logging/kibana6-rhel8 | Not affected | | |
| Node HealthCheck Operator | workload-availability/node-remediation-console-rhel8 | Affected | | |
| Red Hat Advanced Cluster Security 3 | advanced-cluster-security/rhacs-main-rhel8 | Out of support scope | | |
| Red Hat Advanced Cluster Security 4 | advanced-cluster-security/rhacs-main-rhel8 | Not affected | | |
| Red Hat Enterprise Linux 8 | nodejs:16/nodejs | Not affected | | |
| Red Hat Enterprise Linux 8 | nodejs:18/nodejs | Not affected | | |
| Red Hat Enterprise Linux 8 | nodejs:20/nodejs | Not affected | | |
| Red Hat Enterprise Linux 9 | nodejs | Not affected | | |
| Red Hat Enterprise Linux 9 | nodejs:18/nodejs | Not affected | | |
| Red Hat Enterprise Linux 9 | nodejs:20/nodejs | Not affected | | |
Additional information
CVSS3: 9.8 Critical
Related vulnerabilities
NPM IP package incorrectly identifies some private IP addresses as public