CGA-5xw9-rmc4-rgr4

Published

Last updated

https://images.chainguard.dev/security/CGA-5xw9-rmc4-rgr4

Package

vitess-18.0

Latest Update

Pending upstream fix

Aliases

CVE-2024-29415
GHSA-2p57-rm9w-gvfp

Severity

8.1

High

CVSS V3

Summary

ip SSRF improper categorization in isPublic

Description

The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-29415
https://github.com/advisories/GHSA-2p57-rm9w-gvfp
https://github.com/indutny/node-ip/issues/150
https://github.com/indutny/node-ip/pull/143
https://github.com/indutny/node-ip/pull/144
https://github.com/indutny/node-ip
https://security.netapp.com/advisory/ntap-20250117-0010

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CGA-5xw9-rmc4-rgr4

Severity

Summary

Description

References

Updates

Product

Why Chainguard

Customers

Company

Resources