Lucene search
MitreVULNRICHMENT:CVE-2024-29415HistoryJan 01, 1976 - 12:00 a.m.
CVE-2024-29415
1976-01-0100:00:00
mitre
github.com
5
The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282.
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:fedorindutny:ip:*:*:*:*:*:node.js:*:*"
],
"vendor": "fedorindutny",
"product": "ip",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "2.0.1",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
}
]Related
osv
osv
CVE-2024-29415
2024-05-27 20:15:08
ip SSRF improper categorization in isPublic
2024-06-02 22:29:29
CGA-v7m6-h44m-vrvg
2024-06-19 07:34:58
cve
cve
CVE-2024-29415
2024-05-27 20:15:08
CVE-2023-42282
2024-02-08 17:15:10
ubuntucve
ubuntucve
CVE-2024-29415
2024-05-27 00:00:00
CVE-2023-42282
2024-02-09 00:00:00
redhatcve
redhatcve
CVE-2024-29415
2024-06-03 13:32:37
CVE-2023-42282
2024-02-23 16:35:58
cvelist
cvelist
CVE-2024-29415
1976-01-01 00:00:00
CVE-2023-42282
2024-02-08 00:00:00
nvd
nvd
CVE-2024-29415
2024-05-27 20:15:08
CVE-2023-42282
2024-02-08 17:15:10
debiancve
debiancve
CVE-2024-29415
2024-05-27 20:15:08
CVE-2023-42282
2024-02-08 17:15:10
github
github
ip SSRF improper categorization in isPublic
2024-06-02 22:29:29
NPM IP package incorrectly identifies some private IP addresses as public
2024-02-08 18:30:39
veracode
veracode
Server Side Request Forgery (SSRF)
2024-05-31 13:34:16
Server Side Request Forgery (SSRF)
2024-02-12 12:14:01
wolfi
wolfi
CVE-2024-29415 vulnerabilities
2024-09-19 09:11:50
CVE-2023-42282 vulnerabilities
2024-09-19 09:11:50
githubexploit
githubexploit
Exploit for CVE-2024-29415
2024-07-05 07:50:29
prion
prion
Design/Logic Flaw
2024-02-08 17:15:00
cbl_mariner
cbl_mariner
CVE-2023-42282 affecting package nodejs18 for versions less than 18.18.2-4
2024-03-05 17:52:42
CVE-2023-42282 affecting package nodejs for versions less than 20.14.0-1
2024-06-21 09:32:44
CVE-2023-42282 affecting package nodejs for versions less than 16.20.2-3
2024-03-05 17:52:42
ibm
ibm
nessus
nessus
openvas
openvas
Ubuntu: Security Advisory (USN-6643-1)
2024-02-20 00:00:00
ubuntu
ubuntu
NPM IP vulnerability
2024-02-19 00:00:00
cgr
cgr
CVE-2023-42282 vulnerabilities
2024-05-19 03:07:16
redhat
redhat
oracle
oracle
Oracle Critical Patch Update Advisory - April 2024
2024-04-16 00:00:00
AI Score
7
Confidence
Low
SSVC
Exploitation
none
Automatable
no
Technical Impact
total
Related for VULNRICHMENT:CVE-2024-29415