The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic.
References
Link | Resource |
---|---|
https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html | Exploit Third Party Advisory |
https://github.com/indutny/node-ip/commit/6a3ada9b471b09d5f0f5be264911ab564bf67894 | Patch |
https://huntr.com/bounties/bfc3b23f-ddc0-4ee7-afab-223b07115ed3/ | Exploit Technical Description |
https://security.netapp.com/advisory/ntap-20240315-0008/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
15 Mar 2024, 19:25
Type | Values Removed | Values Added |
---|---|---|
References | () https://security.netapp.com/advisory/ntap-20240315-0008/ - Third Party Advisory | |
CPE | cpe:2.3:a:fedorindutny:ip:2.0.0:*:*:*:*:node.js:*:* |
15 Mar 2024, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
06 Mar 2024, 15:26
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:fedorindutny:ip:2.0.0:*:*:*:*:*:*:* | |
References | () https://github.com/indutny/node-ip/commit/6a3ada9b471b09d5f0f5be264911ab564bf67894 - Patch | |
References | () https://huntr.com/bounties/bfc3b23f-ddc0-4ee7-afab-223b07115ed3/ - Exploit, Technical Description |
03 Mar 2024, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | (en) The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic. |
15 Feb 2024, 03:27
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CWE | CWE-918 | |
Summary |
|
|
First Time |
Fedorindutny
Fedorindutny ip |
|
References | () https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html - Exploit, Third Party Advisory | |
CPE | cpe:2.3:a:fedorindutny:ip:*:*:*:*:*:node.js:*:* |
08 Feb 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-02-08 17:15
Updated : 2024-03-15 19:25
NVD link : CVE-2023-42282
Mitre link : CVE-2023-42282
CVE.ORG link : CVE-2023-42282
JSON object : View
Products Affected
fedorindutny
- ip
CWE
CWE-918
Server-Side Request Forgery (SSRF)