CVE-2025-59436
- EPSS 0.01%
- Veröffentlicht 16.09.2025 00:00:00
- Zuletzt bearbeitet 16.09.2025 12:49:16
The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF because the IP address value 017700000001 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2024-29415.
CVE-2025-59437
- EPSS 0.01%
- Veröffentlicht 16.09.2025 00:00:00
- Zuletzt bearbeitet 16.09.2025 12:49:16
The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF because the IP address value 0 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2024-29415. NOTE: in current...
CVE-2024-29415
- EPSS 86.51%
- Veröffentlicht 27.05.2024 20:15:08
- Zuletzt bearbeitet 17.01.2025 20:15:27
The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists be...
CVE-2023-42282
- EPSS 0.75%
- Veröffentlicht 08.02.2024 17:15:10
- Zuletzt bearbeitet 15.05.2025 20:15:26
The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic.