Security Advisories

CVE-2024-29415

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-29415

CGA ID

CGA-5xw9-rmc4-rgr4

Severity

8.1

High

CVSS V3

Summary

ip SSRF improper categorization in isPublic

Description

The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282.
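A fail-closed way to classify address literals without relying on `isPublic`, as an added example that is not from the advisory or the ip package. It uses Node's built-in `net.isIP` and `net.BlockList`; the helper name `isPublicLiteral` and the range list are assumptions, and the list is not exhaustive.

```javascript
const net = require('node:net');

// Non-public ranges (constructed for this example, not exhaustive).
const nonPublic = new net.BlockList();
for (const [prefix, bits] of [
  ['0.0.0.0', 8], ['10.0.0.0', 8], ['100.64.0.0', 10], ['127.0.0.0', 8],
  ['169.254.0.0', 16], ['172.16.0.0', 12], ['192.168.0.0', 16], ['224.0.0.0', 3],
]) nonPublic.addSubnet(prefix, bits, 'ipv4');
nonPublic.addAddress('::', 'ipv6');         // unspecified
nonPublic.addAddress('::1', 'ipv6');        // loopback
nonPublic.addSubnet('fc00::', 7, 'ipv6');   // unique local
nonPublic.addSubnet('fe80::', 10, 'ipv6');  // link-local
nonPublic.addSubnet('ff00::', 8, 'ipv6');   // multicast

// Dotted IPv4-mapped form such as ::fFFf:127.0.0.1 (hex digits in any case).
// Other spellings of mapped addresses are left to BlockList.check().
const MAPPED = /^::ffff:(\d{1,3}(?:\.\d{1,3}){3})$/i;

// Hypothetical helper: returns true only for a strictly formatted literal that
// falls outside the ranges above. Input that net.isIP() does not recognise
// (shorthand, octal, bare integers) is refused instead of being interpreted.
function isPublicLiteral(input) {
  if (typeof input !== 'string') return false;
  const mapped = MAPPED.exec(input);
  const addr = mapped ? mapped[1] : input;  // classify the embedded IPv4 address
  const family = net.isIP(addr);            // 0 for 127.1, 012.1.2.3, 01200034567
  if (family === 0) return false;
  try {
    return !nonPublic.check(addr, family === 6 ? 'ipv6' : 'ipv4');
  } catch {
    return false;                           // unparsable input: fail closed
  }
}
```

This helper classifies literals only; for a hostname, resolve it first and check the address the connection will actually use.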

References

  • https://images.chainguard.dev/security/CGA-5xw9-rmc4-rgr4

Affected packages


© 2024 Chainguard. All Rights Reserved.