High severity 8.1 · OSV Advisory · Published May 27, 2024 · Updated Apr 15, 2026
CVE-2024-29415
Description
The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| ip (npm) | <= 2.0.1 | — |
Affected products
- osv-coords (11 versions): < 7.17.28-r0 + 10 more
  - pkg:apk/chainguard/kibana-7
  - pkg:apk/chainguard/kibana-7.17
  - pkg:apk/chainguard/kibana-7-bitnami
  - pkg:apk/chainguard/kibana-8
  - pkg:apk/chainguard/kibana-8-bitnami
  - pkg:apk/chainguard/kibana-8-iamguarded
  - pkg:apk/chainguard/sqlpad
  - pkg:apk/chainguard/sqlpad-compat
  - pkg:apk/wolfi/sqlpad
  - pkg:apk/wolfi/sqlpad-compat
  - pkg:npm/ip
- (no CPE) range: < 7.17.28-r0
- (no CPE) range: < 7.17.29-r0
- (no CPE) range: < 7.17.28-r0
- (no CPE) range: < 8.17.3-r1
- (no CPE) range: < 8.17.3-r1
- (no CPE) range: < 8.17.3-r1
- (no CPE) range: < 7.4.3-r0
- (no CPE) range: < 7.4.3-r0
- (no CPE) range: < 7.4.3-r0
- (no CPE) range: < 7.4.3-r0
- (no CPE) range: <= 2.0.1
References
- github.com/advisories/GHSA-2p57-rm9w-gvfp (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2024-29415 (ghsa, ADVISORY)
- github.com/indutny/node-ip/issues/150 (nvd, WEB)
- github.com/indutny/node-ip/pull/143 (nvd, WEB)
- github.com/indutny/node-ip/pull/144 (nvd, WEB)
- security.netapp.com/advisory/ntap-20250117-0010 (ghsa, WEB)
- security.netapp.com/advisory/ntap-20250117-0010/ (nvd)