CVE-2023-42282

Опубликовано: 08 фев. 2024

Источник: ubuntu

Приоритет: medium

CVSS3: 9.8

Описание

The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic.

Релиз	Статус	Примечание
bionic	ignored	end of standard support
devel	released	2.0.0+~1.1.0-1ubuntu1
esm-apps/bionic	released	1.1.5-1ubuntu0.1~esm1
esm-apps/focal	released	1.1.5-5ubuntu0.1~esm1
esm-apps/jammy	released	1.1.5+~1.1.0-1ubuntu0.1~esm1
esm-apps/noble	released	2.0.0+~1.1.0-1ubuntu1
focal	ignored	end of standard support, was needed
jammy	needed
mantic	released	2.0.0+~1.1.0-1ubuntu0.1
noble	released	2.0.0+~1.1.0-1ubuntu1

Показывать по

Ссылки на источники

9.8 Critical

CVSS3

Связанные уязвимости

CVE-2023-42282

CVSS3: 9.8

redhat

около 2 лет назад

The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic.

CVE-2023-42282

CVSS3: 9.8

nvd

почти 2 года назад

The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic.

CVE-2023-42282

CVSS3: 9.8

msrc

почти 2 года назад

Описание отсутствует

CVE-2023-42282

CVSS3: 9.8

debian

почти 2 года назад

The ip package before 1.1.9 for Node.js might allow SSRF because some ...

GHSA-78xj-cgh5-2h22

github

почти 2 года назад

NPM IP package incorrectly identifies some private IP addresses as public

9.8 Critical

CVSS3

CVE-2023-42282

Описание

Пакет node-ip

Ссылки на источники

Связанные уязвимости