Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2025/07/25 5:26 a.m.15 views

CVE-2025-8020

All versions of the package private-ip are vulnerable to Server-Side Request Forgery SSRF where an attacker can provide an IP or hostname that resolves to a multicast IP address 224.0.0.0/4 which is not included as part of the private IP ranges in the package's source code...

8.8CVSS6.3AI score0.00309EPSS
Exploits0References1
Circl
Circl
added 2025/07/23 7:8 a.m.8 views

CVE-2025-8020

creationtimestamp| type| source ---|---|--- 2025-07-23 07:08:01+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lumhjbpzsd23...

8.8CVSS6.4AI score0.00309EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2025/07/23 6:33 a.m.10 views

@0xvaibhav/--core (>=1.0.0 <=1.0.4), @0xvaibhav/divergent-node (>=0.0.1 <=0.0.3) +788 more potentially affected by CVE-2025-8020 via private-ip (>=1.0.5 <=3.0.2)

private-ip NPM version =1.0.5, =1.0.0, =0.0.1, =1.0.3, =0.0.1, =0.0.2, =9.3.0, =1.16.47, =1.16.47, =1.1.12, =1.16.33-beta-20241028-005826-60afb7c4, =1.16.47, =1.0.0, =1.16.47, =1.0.0, =1.0.35, =1.3.1 and more Source cves: CVE-2025-8020 Source advisory: OSV:GHSA-9H3Q-32C7-R533...

8.8CVSS5.7AI score0.00309EPSS
Exploits0
NVD
NVD
added 2025/07/23 5:15 a.m.7 views

CVE-2025-8020

All versions of the package private-ip are vulnerable to Server-Side Request Forgery SSRF where an attacker can provide an IP or hostname that resolves to a multicast IP address 224.0.0.0/4 which is not included as part of the private IP ranges in the package's source code...

8.8CVSS0.00309EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/07/23 5:0 a.m.14 views

CVE-2025-8020

All versions of the package private-ip are vulnerable to Server-Side Request Forgery SSRF where an attacker can provide an IP or hostname that resolves to a multicast IP address 224.0.0.0/4 which is not included as part of the private IP ranges in the package's source code...

8.8CVSS0.00309EPSS
Exploits0References2
CVE
CVE
added 2025/07/23 5:0 a.m.30 views

CVE-2025-8020

CVE-2025-8020 affects the private-ip package. All versions are reported vulnerable to Server-Side Request Forgery (SSRF) by accepting an IP/hostname that resolves to a multicast address (224.0.0.0/4), which is not excluded by the package’s private IP range checks. Multiple sources (RH, NVD, GitHu...

8.8CVSS7.1AI score0.00309EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2025/03/23 9:22 a.m.9 views

@0xvaibhav/--core (>=1.0.0 <=1.0.4), @0xvaibhav/divergent-node (>=0.0.1 <=0.0.3) +788 more potentially affected by CVE-2025-8020 via private-ip (>=1.0.5 <=3.0.2)

private-ip NPM version =1.0.5, =1.0.0, =0.0.1, =1.0.3, =0.0.1, =0.0.2, =9.3.0, =1.16.47, =1.16.47, =1.1.12, =1.16.33-beta-20241028-005826-60afb7c4, =1.16.47, =1.0.0, =1.16.47, =1.0.0, =1.0.35, =1.3.1 and more Source cves: CVE-2025-8020 Source advisory: SNYK:JS-PRIVATEIP-9510757...

8.8CVSS5.7AI score0.00309EPSS
Exploits0
Rows per page
Query Builder