5 matches found
CVE-2020-28360
Insufficient RegEx in private-ip npm package v1.0.5 and below insufficiently filters reserved IP ranges resulting in indeterminate SSRF. An attacker can perform a large range of requests to ARIN reserved IP ranges, resulting in an indeterminable number of critical attack vectors, allowing remote...
@commonshost/edge (>=2.0.0 <=2.14.0), @commonshost/server (>=6.5.0 <=6.17.0) +11 more potentially affected by CVE-2020-28360 via private-ip (=1.0.5)
private-ip NPM version =1.0.5 is affected by a known vulnerability. The following packages have a transitive dependency on private-ip and may be impacted: - @commonshost/edge =2.0.0, =6.5.0, =0.1.0, =0.1.0, =1.2.11, =1.0.1, =1.1.0, =2.2.0, =0.2.1, =0.0.15-0, =1.0.1, =1.0.0, =1.3.0 Source cves:...
CVE-2020-28360
Insufficient RegEx in private-ip npm package v1.0.5 and below insufficiently filters reserved IP ranges resulting in indeterminate SSRF. An attacker can perform a large range of requests to ARIN reserved IP ranges, resulting in an indeterminable number of critical attack vectors, allowing remote...
CVE-2020-28360
Insufficient RegEx in private-ip npm package v1.0.5 and below insufficiently filters reserved IP ranges resulting in indeterminate SSRF. An attacker can perform a large range of requests to ARIN reserved IP ranges, resulting in an indeterminable number of critical attack vectors, allowing remote...
CVE-2020-28360
CVE-2020-28360 describes an SSRF vulnerability in the npm package private-ip (versions 1.0.5 and earlier). The root cause is an insufficient RegEx filter for reserved IP ranges, allowing an attacker to craft requests to ARIN/other reserved ranges, which can lead to remote server-side resource req...