Lucene search
K

4 matches found

Github Security Blog
Github Security Blog
added 2026/05/29 3:59 p.m.16 views

axios's shouldBypassProxy does not recognize IPv4-mapped IPv6 addresses, allowing NO_PROXY bypass (incomplete fix for CVE-2025-62718)

Summary shouldBypassProxy, introduced in v1.15.0 to fix CVE-2025-62718, does not normalise IPv4-mapped IPv6 addresses. When NOPROXY lists an IPv4 address such as 127.0.0.1 or 169.254.169.254, a request URL using the IPv4-mapped IPv6 form ::ffff:7f00:1, ::ffff:a9fe:a9fe still routes through the...

8.6CVSS7.3AI score0.00921EPSS
Exploits1References25Affected Software1
OSV
OSV
added 2026/03/07 5:19 a.m.5 views

CVE-2026-30827 express-rate-limit: IPv4-mapped IPv6 addresses bypass per-client rate limiting (all IPv4 clients share one bucket on dual-stack servers)

express-rate-limit is a basic rate-limiting middleware for Express. In versions starting from 8.0.0 and prior to versions 8.0.2, 8.1.1, 8.2.2, and 8.3.0, the default keyGenerator in express-rate-limit applies IPv6 subnet masking /56 by default to all addresses that net.isIPv6 returns true for. Th...

7.5CVSS5.7AI score0.00455EPSS
Exploits1References4
Snyk
Snyk
added 2026/03/03 12:38 a.m.2 views

Allocation of Resources Without Limits or Throttling

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through improper handling of client IP address normalization in the authentication rate-limiting process. An attacker can increase the...

6.9CVSS6AI score
Exploits0References2
RedHat Linux
RedHat Linux
added 2024/08/19 3:55 a.m.3 views

golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses

A flaw was found in the Go language standard library net/netip. The method Is IsPrivate, IsPublic, etc doesn't behave properly when working with IPv6 mapped to IPv4 addresses. The unexpected behavior can lead to integrity and confidentiality issues, specifically when these methods are used to...

9.8CVSS7.2AI score0.01952EPSS
Exploits0References4
Rows per page
Query Builder