CGA-fgwx-7hh7-xcmr

Published

Last updated

https://images.chainguard.dev/security/CGA-fgwx-7hh7-xcmr

Package

kibana-8

Repository

Chainguard

Latest Update

Fixed

Fixed Version

8.17.3-r1

Aliases

CVE-2024-29415
GHSA-2p57-rm9w-gvfp

Severity

Unknown

Summary

ip SSRF improper categorization in isPublic

Description

The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-29415
https://github.com/advisories/GHSA-2p57-rm9w-gvfp
https://github.com/indutny/node-ip/issues/150
https://github.com/indutny/node-ip/pull/143
https://github.com/indutny/node-ip/pull/144
https://github.com/indutny/node-ip
https://security.netapp.com/advisory/ntap-20250117-0010

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CGA-fgwx-7hh7-xcmr

Severity

Summary

Description

References

Updates

Products

Why Chainguard

Customers

Company

Resources