Low severityNVD Advisory· Published Feb 8, 2024· Updated May 15, 2025
CVE-2023-42282
CVE-2023-42282
Description
The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
ipnpm | >= 2.0.0, < 2.0.1 | 2.0.1 |
ipnpm | < 1.1.9 | 1.1.9 |
Affected products
17- Node.js/ip packagedescription
- osv-coords16 versionspkg:apk/chainguard/lernapkg:apk/chainguard/node-gyppkg:apk/chainguard/nodejs-14pkg:apk/chainguard/npmpkg:apk/chainguard/npm-docpkg:apk/chainguard/renovatepkg:apk/chainguard/sqlpadpkg:apk/chainguard/sqlpad-compatpkg:apk/wolfi/lernapkg:apk/wolfi/node-gyppkg:apk/wolfi/npmpkg:apk/wolfi/npm-docpkg:apk/wolfi/renovatepkg:apk/wolfi/sqlpadpkg:apk/wolfi/sqlpad-compatpkg:npm/ip
< 8.1.2-r1+ 15 more
- (no CPE)range: < 8.1.2-r1
- (no CPE)range: < 10.1.0-r0
- (no CPE)range: < 14.21.3-r1
- (no CPE)range: < 10.4.0-r1
- (no CPE)range: < 10.4.0-r1
- (no CPE)range: < 37.186.1-r0
- (no CPE)range: < 7.4.1-r1
- (no CPE)range: < 7.4.1-r1
- (no CPE)range: < 8.1.2-r1
- (no CPE)range: < 10.1.0-r0
- (no CPE)range: < 10.4.0-r1
- (no CPE)range: < 10.4.0-r1
- (no CPE)range: < 37.186.1-r0
- (no CPE)range: < 7.4.1-r1
- (no CPE)range: < 7.4.1-r1
- (no CPE)range: >= 2.0.0, < 2.0.1
Patches
Vulnerability mechanics
References
11- github.com/advisories/GHSA-78xj-cgh5-2h22ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-42282ghsaADVISORY
- cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.htmlghsaWEB
- github.com/JoshGlazebrook/socks/issues/93ghsaWEB
- github.com/github/advisory-database/pull/3504ghsaWEB
- github.com/indutny/node-ip/commit/32f468f1245574785ec080705737a579be1223aaghsaWEB
- github.com/indutny/node-ip/commit/6a3ada9b471b09d5f0f5be264911ab564bf67894ghsaWEB
- github.com/indutny/node-ip/pull/138ghsaWEB
- huntr.com/bounties/bfc3b23f-ddc0-4ee7-afab-223b07115ed3/mitre
- security.netapp.com/advisory/ntap-20240315-0008/mitre
- www.bleepingcomputer.com/news/security/dev-rejects-cve-severity-makes-his-github-repo-read-only/mitre
News mentions
0No linked articles in our index yet.