The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic.
Metrics
Affected Vendors & Products
References
History
Wed, 27 Nov 2024 02:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat openshift Devspaces
|
|
CPEs | cpe:/a:redhat:openshift_devspaces:3::el8 | |
Vendors & Products |
Redhat openshift Devspaces
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-02-08T00:00:00
Updated: 2024-08-02T19:16:51.020Z
Reserved: 2023-09-08T00:00:00
Link: CVE-2023-42282
Vulnrichment
No data.
NVD
Status : Modified
Published: 2024-02-08T17:15:10.840
Modified: 2024-11-21T08:22:24.217
Link: CVE-2023-42282
Redhat