DEBIAN-CVE-2023-42282
PUBLISHED
CVSS 9.8 CRITICAL
The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic.
Risk Scores
CVSS 3.1
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | node-ip | 2.0.1, 0, 1.1.5+~1.1.0-1 |
| Debian:12 | node-ip | 0, 2.0.0+~1.1.0-1, 2.0.1+~1.1.3-1 |
| Debian:14 | node-ip | 0, 0, 0 |
| Debian:13 | node-ip | 0, 0, 0 |
Exploit Intelligence
- summary.html (github-poc)
- test_outputs.py (github-poc)
Timeline
- Feb 8, 2024 CVE Published
- Apr 28, 2026 CVE Updated