Home > Vulnerability Database > CVE-2023-42282

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2023-42282

Good to know:

Date: February 7, 2024

The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic.

Language: JS

Severity Score

9.8

Related Resources (13)

Url: https://github.com/indutny/node-ip/commit/6a3ada9b471b09d5f0f5be264911ab564bf67894

Url: https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html

Url: https://huntr.com/bounties/bfc3b23f-ddc0-4ee7-afab-223b07115ed3/

Url: https://github.com/indutny/node-ip

Url: https://www.bleepingcomputer.com/news/security/dev-rejects-cve-severity-makes-his-github-repo-read-only/

Url: https://github.com/indutny/node-ip/commit/32f468f1245574785ec080705737a579be1223aa

Url: https://github.com/github/advisory-database/pull/3504#issuecomment-1937179999

Url: https://security-tracker.debian.org/tracker/CVE-2023-42282

Url: https://security.netapp.com/advisory/ntap-20240315-0008/

Url: https://github.com/indutny/node-ip/pull/138

Url: https://github.com/JoshGlazebrook/socks/issues/93#issue-2128357447

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-42282

Url: https://www.mend.io/vulnerability-database/CVE-2023-42282

Severity Score

9.8

Weakness Type (CWE)

Server-Side Request Forgery (SSRF)

CWE-918

Top Fix

Upgrade Version

Upgrade to version ip - 2.0.1;ip - 1.1.9

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Do you need more information?

Contact Us