Описание
The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF because the IP address value 017700000001 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2024-29415.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Cryostat 4 | io.cryostat-cryostat | Fix deferred | ||
| Multicluster Engine for Kubernetes | multicluster-engine/console-mce-rhel9 | Fix deferred | ||
| Network Observability Operator | network-observability/network-observability-console-plugin-compat-rhel9 | Fix deferred | ||
| Network Observability Operator | network-observability/network-observability-console-plugin-rhel9 | Fix deferred | ||
| Node HealthCheck Operator | workload-availability/node-healthcheck-must-gather-rhel9 | Fix deferred | ||
| Node HealthCheck Operator | workload-availability/node-healthcheck-operator-bundle | Fix deferred | ||
| Node HealthCheck Operator | workload-availability/node-healthcheck-rhel9-operator | Fix deferred | ||
| Node HealthCheck Operator | workload-availability/node-remediation-console-rhel9 | Fix deferred | ||
| OpenShift Serverless | openshift-serverless-1/kn-backstage-plugins-eventmesh-rhel8 | Fix deferred | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/console-rhel9 | Fix deferred |
Показывать по
Дополнительная информация
EPSS
3.2 Low
CVSS3
Связанные уязвимости
The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF because the IP address value 017700000001 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2024-29415.
The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF because the IP address value 017700000001 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2024-29415.
The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF b ...
The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF because the IP address value 017700000001 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2024-29415.
EPSS
3.2 Low
CVSS3