MidnightBSD

Advisories for fedorindutny

CVE-2023-42282

The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic.

Products Affected

Vendor Product Version
fedorindutny ip 2.0.0
fedorindutny ip *