yarn-audit-known-issues
{"actions":[],"advisories":{"1097346":{"findings":[{"version":"1.1.9","paths":["node-sass>make-fetch-happen>socks-proxy-agent>socks>ip","node-sass>node-gyp>make-fetch-happen>socks-proxy-agent>socks>ip","node-sass>nan>node-gyp>make-fetch-happen>socks-proxy-agent>socks>ip"]}],"metadata":null,"vulnerable_versions":"<=2.0.1","module_name":"ip","severity":"high","github_advisory_id":"GHSA-2p57-rm9w-gvfp","cves":["CVE-2024-29415"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":0,"vectorString":null},"updated":"2024-06-02T22:29:30.000Z","recommendation":"None","cwe":["CWE-918"],"found_by":null,"deleted":null,"id":1097346,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2024-29415\n- https://github.com/indutny/node-ip/issues/150\n- https://github.com/indutny/node-ip/pull/143\n- https://github.com/indutny/node-ip/pull/144\n- https://github.com/advisories/GHSA-2p57-rm9w-gvfp","created":"2024-06-02T22:29:29.000Z","reported_by":null,"title":"ip SSRF improper categorization in isPublic","npm_advisory_id":null,"overview":"The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282.","url":"https://github.com/advisories/GHSA-2p57-rm9w-gvfp"}},"muted":[],"metadata":{"vulnerabilities":{"info":0,"low":0,"moderate":0,"high":3,"critical":0},"dependencies":453,"devDependencies":1,"optionalDependencies":0,"totalDependencies":454}}