Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 3:26 p.m.9 views

CVE-2020-28360

Insufficient RegEx in private-ip npm package v1.0.5 and below insufficiently filters reserved IP ranges resulting in indeterminate SSRF. An attacker can perform a large range of requests to ARIN reserved IP ranges, resulting in an indeterminable number of critical attack vectors, allowing remote...

9.8CVSS7.8AI score0.02949EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2021/04/13 3:18 p.m.6 views

@commonshost/edge (>=2.0.0 <=2.14.0), @commonshost/server (>=6.5.0 <=6.17.0) +11 more potentially affected by CVE-2020-28360 via private-ip (=1.0.5)

private-ip NPM version =1.0.5 is affected by a known vulnerability. The following packages have a transitive dependency on private-ip and may be impacted: - @commonshost/edge =2.0.0, =6.5.0, =0.1.0, =0.1.0, =1.2.11, =1.0.1, =1.1.0, =2.2.0, =0.2.1, =0.0.15-0, =1.0.1, =1.0.0, =1.3.0 Source cves:...

9.8CVSS7.2AI score0.02949EPSS
Exploits0
NVD
NVD
added 2020/11/23 9:15 p.m.51 views

CVE-2020-28360

Insufficient RegEx in private-ip npm package v1.0.5 and below insufficiently filters reserved IP ranges resulting in indeterminate SSRF. An attacker can perform a large range of requests to ARIN reserved IP ranges, resulting in an indeterminable number of critical attack vectors, allowing remote...

9.8CVSS9.7AI score0.02949EPSS
Exploits0References2
Cvelist
Cvelist
added 2020/11/23 8:33 p.m.48 views

CVE-2020-28360

Insufficient RegEx in private-ip npm package v1.0.5 and below insufficiently filters reserved IP ranges resulting in indeterminate SSRF. An attacker can perform a large range of requests to ARIN reserved IP ranges, resulting in an indeterminable number of critical attack vectors, allowing remote...

9.8AI score0.02949EPSS
Exploits0References2
CVE
CVE
added 2020/11/23 8:33 p.m.56 views

CVE-2020-28360

CVE-2020-28360 describes an SSRF vulnerability in the npm package private-ip (versions 1.0.5 and earlier). The root cause is an insufficient RegEx filter for reserved IP ranges, allowing an attacker to craft requests to ARIN/other reserved ranges, which can lead to remote server-side resource req...

9.8CVSS9.7AI score0.02949EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder