N/A

Insufficient RegEx in private-ip npm package v1.0.5 and below insufficiently filters reserved IP ranges resulting in indeterminate SSRF. An attacker can perform a large range of requests to ARIN reserved IP ranges, resulting in an indeterminable number of critical attack vectors, allowing remote attackers to request server-side resources or potentially execute arbitrary code through various SSRF techniques.

N/A

N/A

Frenchbread Private-ip 代码问题漏洞

Frenchbread Private-ip是Frenchbread个人开发者的一个用于检查Ip是否为私有的Js代码库。 Frenchbread Private-ip package v1.0.5之前版本存在安全漏洞，该漏洞源于正则表达式不足，无法充分过滤保留的IP范围，导致SSRF不确定。攻击者可利用该漏洞可以对ARIN保留的IP范围执行大量请求，导致无法确定关键攻击向量的数量，从而允许远程攻击者可利用该漏洞通过各种SSRF技术请求服务器端资源或潜在地执行任意代码。

N/A

N/A