Security Bulletin: Astronomer with IBM is vulnerable to server-side request forgery due to the node-ip package (CVE-2025-59436, CVE-2025-59437)
Summary Node-ip is used by Astronomer with IBM as part of IP address processing functionality. Vulnerability Details CVEID:CVE-2025-59436 DESCRIPTION: The ip aka node-ip package through 2.0.1 in NPM might allow SSRF because the IP address value 017700000001 is improperly categorized as globally...