VYPR

npm package

ip

pkg:npm/ip

Vulnerabilities (2)

  • CVE-2024-29415HigMay 27, 2024
    affected <= 2.0.1

    The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for

  • CVE-2023-42282Feb 8, 2024
    affected >= 2.0.0, < 2.0.1fixed 2.0.1

    The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic.