VDB

DEBIAN-CVE-2025-59436

DEBIAN-CVE-2025-59436 PUBLISHED CVSS 3.200000047683716 LOW

The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF because the IP address value 017700000001 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2024-29415.

Risk Scores

CVSS v3.1
3.200000047683716
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

Affected Products

VendorProductVersions
Debian:13node-ip0, 2.0.1+~1.1.3-3, 0
Debian:14node-ip0, 2.0.1+~1.1.3-3, 0

Timeline

  • Sep 16, 2025 CVE Published
  • Apr 28, 2026 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›