ip-1.1.5.tgz: 1 vulnerabilities (highest severity is: 5.3) - autoclosed #901
Labels
Mend: dependency security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-for-github-com
bot
added
the
Mend: dependency security vulnerability
mend-for-github-com
bot
changed the title
mend-for-github-com
bot
changed the title
mend-for-github-com
bot
changed the title
|
ℹ️ This issue was automatically closed by Mend because it is a duplicate of an existing issue: #945 |
mend-for-github-com
bot
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
[](https://www.npmjs.com/package/ip)
Library home page: https://registry.npmjs.org/ip/-/ip-1.1.5.tgz
Found in HEAD commit: 7f99c836ea749efa113ef0ccdc60bfe4cbbfa856
Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
Vulnerable Library - ip-1.1.5.tgz
[](https://www.npmjs.com/package/ip)
Library home page: https://registry.npmjs.org/ip/-/ip-1.1.5.tgz
Dependency Hierarchy:
Found in HEAD commit: 7f99c836ea749efa113ef0ccdc60bfe4cbbfa856
Found in base branch: unstable
Vulnerability Details
The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic.
Publish Date: 2024-02-08
URL: CVE-2023-42282
Threat Assessment
Exploit Maturity: Not Defined
EPSS: 0.1%
CVSS 4 Score Details (5.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: N/A
- Scope: N/A
- Impact Metrics:
- Confidentiality Impact: N/A
- Integrity Impact: N/A
- Availability Impact: N/A
For more information on CVSS4 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: GHSA-78xj-cgh5-2h22
Release Date: 2024-02-08
Fix Resolution: 1.1.9
The text was updated successfully, but these errors were encountered: