Critical severity · NVD Advisory · Published Nov 23, 2020 · Updated Aug 4, 2024
CVE-2020-28360
Description
An insufficient regular expression in the private-ip npm package v1.0.5 and below fails to filter reserved IP ranges adequately, resulting in indeterminate SSRF. An attacker can perform a large range of requests to ARIN reserved IP ranges, resulting in an indeterminable number of critical attack vectors, allowing remote attackers to request server-side resources or potentially execute arbitrary code through various SSRF techniques.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| private-ip (npm) | < 2.0.0 | 2.0.0 |
Affected products
- private-ip/private-ip (description)
References
- github.com/advisories/GHSA-43ch-2h55-2vj7 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2020-28360 (ghsa, ADVISORY)
- github.com/frenchbread/private-ip/commit/840664c4b9ba7888c41cfee9666e9a593db133e9 (ghsa, WEB)
- johnjhacking.com/blog/cve-2020-28360 (ghsa, WEB)
- www.npmjs.com/package/private-ip (ghsa, x_refsource_MISC, WEB)