CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence: High
EPSS
Percentile: 35.9%
ip is vulnerable to Server Side Request Forgery (SSRF). The vulnerability is due to the isPublic() function's failure to interpret and classify hexadecimal IP address representations. If an application uses the isPublic() or isPrivate() functions to determine whether an address is public, an attacker can perform Server Side Request Forgery.
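A defensive check for the failure described above, as an added example that is not node-ip's code: it normalizes an IPv4 literal to its 32-bit value before classifying it, so a hexadecimal spelling and its dotted-decimal form get the same answer. It goes beyond the hexadecimal case on this page by also handling the octal and short (1- to 3-part) forms that inet_aton-style parsers accept; it covers IPv4 only, and all function names and sample inputs are constructed for illustration.

```javascript
'use strict';
// Added example, not node-ip's code; all function names are hypothetical.

// One inet_aton-style component: 0x.. is hex, a leading 0 is octal, else decimal.
function parsePart(s) {
  if (/^0x[0-9a-f]+$/i.test(s)) return parseInt(s.slice(2), 16);
  if (/^0[0-7]*$/.test(s)) return parseInt(s, 8);
  if (/^[1-9][0-9]*$/.test(s)) return parseInt(s, 10);
  return NaN;
}

// 32-bit value of an IPv4 literal in any 1- to 4-part form, or null.
function toIPv4Int(host) {
  const nums = String(host).split('.').map(parsePart);
  if (nums.length > 4 || nums.some(Number.isNaN)) return null;
  const last = nums.pop();
  // Leading parts are one byte each; the last part fills the remaining bytes.
  if (nums.some((n) => n > 0xff)) return null;
  if (last > 2 ** (8 * (4 - nums.length)) - 1) return null;
  return nums.reduce((acc, n, i) => acc + n * 2 ** (8 * (3 - i)), last);
}

// Canonical dotted-decimal form, for logging and for comparing against allow lists.
function canonicalIPv4(host) {
  const v = toIPv4Int(host);
  if (v === null) return null;
  return [24, 16, 8, 0].map((s) => Math.floor(v / 2 ** s) % 256).join('.');
}

// Non-public ranges as [network, prefix]; 224.0.0.0/3 is multicast plus reserved.
const NON_PUBLIC = [
  ['0.0.0.0', 8], ['10.0.0.0', 8], ['100.64.0.0', 10], ['127.0.0.0', 8],
  ['169.254.0.0', 16], ['172.16.0.0', 12], ['192.168.0.0', 16], ['224.0.0.0', 3],
].map(([net, bits]) => [toIPv4Int(net), bits]);

// Fails closed: anything that is not a parseable IPv4 literal is "not public".
function isPublicIPv4(host) {
  const ip = toIPv4Int(host);
  if (ip === null) return false;
  return !NON_PUBLIC.some(([net, bits]) => {
    const size = 2 ** (32 - bits);
    return Math.floor(ip / size) === Math.floor(net / size);
  });
}

// Constructed sample inputs: hexadecimal and dotted-decimal spellings.
for (const h of ['0x7f.1', '0x7f000001', '127.0.0.1', '8.8.8.8']) {
  console.log(h, '->', canonicalIPv4(h), 'public:', isPublicIPv4(h));
}
```

Hostnames fail closed here, so an SSRF guard built on this check should also apply it to every address DNS resolution returns, and connect to the canonical address it validated.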
cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html
github.com/advisories/GHSA-78xj-cgh5-2h22
github.com/indutny/node-ip/commit/6a3ada9b471b09d5f0f5be264911ab564bf67894
huntr.com/bounties/bfc3b23f-ddc0-4ee7-afab-223b07115ed3/
security.netapp.com/advisory/ntap-20240315-0008/
www.bleepingcomputer.com/news/security/dev-rejects-cve-severity-makes-his-github-repo-read-only/