The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282.
Metrics
Affected Vendors & Products
References
History
Wed, 27 Nov 2024 02:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat
Redhat openshift Devspaces |
|
CPEs | cpe:/a:redhat:openshift_devspaces:3::el8 | |
Vendors & Products |
Redhat
Redhat openshift Devspaces |
Fri, 16 Aug 2024 15:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-941 | |
Metrics |
cvssV3_1
|
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-16T13:39:39.225Z
Reserved:
Link: CVE-2024-29415
Vulnrichment
Updated: 2024-08-02T01:10:55.450Z
NVD
Status : Awaiting Analysis
Published: 2024-05-27T20:15:08.970
Modified: 2024-11-21T09:08:01.093
Link: CVE-2024-29415
Redhat