4 matches found
CVE-2024-28607
The ip-utils package through 2.4.0 for Node.js might allow SSRF because some IP addresses such as 0x7f.1 are improperly categorized as globally routable via a falsy isPrivate return value...
CVE-2024-28607
CVE-2024-28607 affects the ip-utils package for Node.js up to version 2.4.0. The root cause is a faulty isPrivate check that can misclassify certain IPs (e.g., 0x7f.1) as globally routable, enabling SSRF. Documented impacts are SSRF risk; no explicit remediation or patch/version guidance is prese...
CVE-2024-28607
The ip-utils package through 2.4.0 for Node.js might allow SSRF because some IP addresses such as 0x7f.1 are improperly categorized as globally routable via a falsy isPrivate return value...
CVE-2024-28607
creationtimestamp| type| source ---|---|--- 2025-03-10 19:36:55+00:00| seen| https://gist.github.com/aydinnyunus/4d71e7d9a433f3afc658724b903f4d23 2025-03-11 08:38:52+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/7117 2025-03-11 11:46:20+00:00| seen|...