Lucene search
K

7 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/11/28 7:3 p.m.5 views

Security Bulletin: Astronomer with IBM is vulnerable to server-side request forgery due to the node-ip package (CVE-2025-59436, CVE-2025-59437)

Summary Node-ip is used by Astronomer with IBM as part of IP address processing functionality. Vulnerability Details CVEID:CVE-2025-59436 DESCRIPTION: The ip aka node-ip package through 2.0.1 in NPM might allow SSRF because the IP address value 017700000001 is improperly categorized as globally...

3.2CVSS6.6AI score0.00115EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/09/17 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-59436

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ip aka node-ip package through 2.0.1 in NPM might allow SSRF because the IP address value 017700000001 is improperly categorized as globally routable via...

3.2CVSS5.5AI score0.00115EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/09/16 8:9 p.m.2 views

CVE-2025-59436

The ip aka node-ip package through 2.0.1 in NPM might allow SSRF because the IP address value 017700000001 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2024-29415. Mitigation Mitigation for this issue is either not...

8.1CVSS8.7AI score0.08279EPSS
Exploits0References5
OSV
OSV
added 2025/09/16 6:16 a.m.3 views

UBUNTU-CVE-2025-59436

The ip aka node-ip package through 2.0.1 in NPM might allow SSRF because the IP address value 017700000001 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2024-29415...

3.2CVSS5.8AI score0.00115EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2025/09/16 2:44 a.m.7 views

-tompan-reacttemplate (>=1.0.1 <=1.1.0), 007-nodejs (>=2.5.0 <=2.5.3) +46037 more potentially affected by CVE-2024-29415 +1 more via ip (>=0.0.1 <=2.0.1)

ip NPM version =0.0.1, =1.0.1, =2.5.0, =2.5.3 - 0726react =0.1.1 - 0me.sh =0.1.15 - 0x0.icu.anima =0.1.0 - 0xgank-tea-advice-pull =1.0.0 - 0xgank-tea-balance-pencil =1.0.0 - 0xgank-tea-brick-bell =1.0.0 - 0xgank-tea-cake-victory =1.0.0 - 0xgank-tea-central-compound =1.0.0 -...

8.1CVSS6.8AI score0.08279EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/09/16 2:44 a.m.11 views

org.webjars.npm:bonjour (=3.5.0), org.webjars.npm:dns-packet (>=1.3.1 <=4.2.0) +10 more potentially affected by CVE-2024-29415 +1 more via org.webjars.npm:ip (>=1.1.5 <=2.0.0)

org.webjars.npm:ip MAVEN version =1.1.5, =1.3.1, =1.0.1, =6.2.3, =4.2.0, =1.1.10, =3.0.1, =4.0.2 - org.webjars.npm:splitsoftwaresplitio =10.8.4 Source cves: CVE-2024-29415, CVE-2025-59436 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-14101892...

8.1CVSS6.9AI score0.08279EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2025/09/16 12:0 a.m.2 views

CVE-2025-59436

The ip aka node-ip package through 2.0.1 in NPM might allow SSRF because the IP address value 017700000001 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2024-29415...

3.2CVSS5.8AI score0.00115EPSS
Exploits0References2
Rows per page
Query Builder