CVE-2023-42282

CRITICAL

9.8

Description

The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic.

Details CVE

Score CVSS v3.19.8

SeveriteCRITICAL

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie2/8/2024

Derniere modification5/15/2025

Sourcenvd

Observations honeypot0

Produits affectes

fedorindutny:ip

Faiblesses (CWE)

CWE-918CWE-918

References

https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html(cve@mitre.org)

https://github.com/indutny/node-ip/commit/6a3ada9b471b09d5f0f5be264911ab564bf67894(cve@mitre.org)

https://huntr.com/bounties/bfc3b23f-ddc0-4ee7-afab-223b07115ed3/(cve@mitre.org)

https://security.netapp.com/advisory/ntap-20240315-0008/(cve@mitre.org)

https://www.bleepingcomputer.com/news/security/dev-rejects-cve-severity-makes-his-github-repo-read-only/(cve@mitre.org)

https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/indutny/node-ip/commit/6a3ada9b471b09d5f0f5be264911ab564bf67894(af854a3a-2127-422b-91ae-364da2661108)

https://huntr.com/bounties/bfc3b23f-ddc0-4ee7-afab-223b07115ed3/(af854a3a-2127-422b-91ae-364da2661108)

https://security.netapp.com/advisory/ntap-20240315-0008/(af854a3a-2127-422b-91ae-364da2661108)

https://www.bleepingcomputer.com/news/security/dev-rejects-cve-severity-makes-his-github-repo-read-only/(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.