Количество 2
Количество 2
CVE-2020-28360
Insufficient RegEx in private-ip npm package v1.0.5 and below insufficiently filters reserved IP ranges resulting in indeterminate SSRF. An attacker can perform a large range of requests to ARIN reserved IP ranges, resulting in an indeterminable number of critical attack vectors, allowing remote attackers to request server-side resources or potentially execute arbitrary code through various SSRF techniques.
GHSA-43ch-2h55-2vj7
Server-Side Request Forgery in private-ip
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2020-28360 Insufficient RegEx in private-ip npm package v1.0.5 and below insufficiently filters reserved IP ranges resulting in indeterminate SSRF. An attacker can perform a large range of requests to ARIN reserved IP ranges, resulting in an indeterminable number of critical attack vectors, allowing remote attackers to request server-side resources or potentially execute arbitrary code through various SSRF techniques. | CVSS3: 9.8 | 2% Низкий | около 5 лет назад |
| GHSA-43ch-2h55-2vj7 Server-Side Request Forgery in private-ip | CVSS3: 9.8 | 2% Низкий | почти 5 лет назад |
Уязвимостей на страницу