DirectorySecurity AdvisoriesPricing
/
Sign in
Security Advisories

CVE-2024-29415

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-29415

Severity

8.1

High

CVSS V3

Eliminate CVEs with Chainguard hardened images

Build, ship, and run secure software with minimal, hardened container images — rebuilt from source daily and guarded under our industry-leading remediation SLA.

Start for free

Description

The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282.

References

  • https://nvd.nist.gov/vuln/detail/CVE-2024-29415
  • https://github.com/advisories/GHSA-2p57-rm9w-gvfp
  • https://security.netapp.com/advisory/ntap-20250117-0010/
  • https://github.com/indutny/node-ip/issues/150
  • https://github.com/indutny/node-ip/pull/143
  • https://github.com/indutny/node-ip/pull/144

Affected packages

The trusted source for open source

Talk to an expert
© 2025 Chainguard. All Rights Reserved.
PrivacyTerms

Product

Chainguard ContainersChainguard LibrariesChainguard VMsIntegrationsPricing

Solutions

FedRAMPPCI DSSCMMC 2.0Golden ImagesCVE RemediationPublic Sector

Customers

Customer StoriesChainguard Reviews

Resources

Events & WebinarsSupply Chain Security 101Chainguard CoursesDocumentationTrust CenterChainguard Slack Community

Company

About UsBlogPartnersNewsroomCareersLegal