Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF because the IP address value 0 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2024-29415. NOTE: in current versions of several applications, connection attempts to the IP address 0 (interpreted as 0.0.0.0) are blocked with error messages such as net::ERR_ADDRESS_INVALID. However, in some situations that depend on both application version and operating system, connection attempts to 0 and 0.0.0.0 are considered connection attempts to 127.0.0.1 (and, for this reason, a false value of isPublic would be preferable).
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
Vulnerability Type
Server-Side Request Forgery (SSRF)
Vulnerability Title
node-ip code issue vulnerability
Vulnerability Description
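node-ip is a Node.js module developed by the individual developer indutny. node-ip 2.0.1 and earlier versions contain a code issue vulnerability, which stems from the IP address value 0 being incorrectly classified as globally routable and may lead to server-side request forgery.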
CVSS Information
N/A
Vulnerability Type
N/A