2 matches found
DEBIAN-CVE-2024-29415
The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1 are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282...
PT-2024-4071
Name of the Vulnerable Software and Affected Versions: ip package versions through 2.0.1 for Node.js Description: The issue is related to the improper categorization of certain IP addresses as globally routable via the isPublic function, which might allow Server-Side Request Forgery SSRF attacks...