Arbitrary Code Execution and Information Disclosure Vulnerability in NPM IP Package v.1.1.8 and Earlier

CVE-2023-42282 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic.
