6 matches found
Security Bulletin: Astronomer with IBM is vulnerable to server-side request forgery due to the node-ip package (CVE-2025-59436, CVE-2025-59437)
Summary Node-ip is used by Astronomer with IBM as part of IP address processing functionality. Vulnerability Details CVEID:CVE-2025-59436 DESCRIPTION: The ip aka node-ip package through 2.0.1 in NPM might allow SSRF because the IP address value 017700000001 is improperly categorized as globally...
Linux Distros Unpatched Vulnerability : CVE-2025-59437
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ip aka node-ip package through 2.0.1 in NPM might allow SSRF because the IP address value 0 is improperly categorized as globally routable via isPublic. NOT...
CVE-2025-59437
The ip aka node-ip package through 2.0.1 in NPM might allow SSRF because the IP address value 0 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2024-29415. NOTE: in current versions of several applications, connection...
CVE-2025-59437
creationtimestamp| type| source ---|---|--- 2025-09-16 05:02:32+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lywk5kpazs2x...
-tompan-reacttemplate (>=1.0.1 <=1.1.0), 007-nodejs (>=2.5.0 <=2.5.3) +46037 more potentially affected by CVE-2024-29415 +1 more via ip (>=0.0.1 <=2.0.1)
ip NPM version =0.0.1, =1.0.1, =2.5.0, =2.5.3 - 0726react =0.1.1 - 0me.sh =0.1.15 - 0x0.icu.anima =0.1.0 - 0xgank-tea-advice-pull =1.0.0 - 0xgank-tea-balance-pencil =1.0.0 - 0xgank-tea-brick-bell =1.0.0 - 0xgank-tea-cake-victory =1.0.0 - 0xgank-tea-central-compound =1.0.0 -...
CVE-2025-59437
Technical details about CVE-2025-59437 are not provided in the connected documents; no affected products, impact, or fixes are listed here. Monitor for updates.