The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic.
History

Wed, 27 Nov 2024 02:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat openshift Devspaces
CPEs cpe:/a:redhat:openshift_devspaces:3::el8
Vendors & Products Redhat openshift Devspaces

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-02-08T00:00:00

Updated: 2024-08-02T19:16:51.020Z

Reserved: 2023-09-08T00:00:00

Link: CVE-2023-42282

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2024-02-08T17:15:10.840

Modified: 2024-11-21T08:22:24.217

Link: CVE-2023-42282

cve-icon Redhat

Severity : Important

Publid Date: 2024-02-08T00:00:00Z

Links: CVE-2023-42282 - Bugzilla