CVE-2023-42282 – nodejs-ip: arbitrary code execution via the isPublic() function

https://notcve.org/view.php?id=CVE-2023-42282

08 Feb 2024 — The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic. Un problema en el paquete IP NPM v.1.1.8 y anteriores permite a un atacante ejecutar código arbitrario y obtener información confidencial a través de la función isPublic(). A vulnerability was found in the NPM IP Package. This flaw allows an attacker to perform arbitrary code execution and obtain sensitive information via the isPublic() function by... • https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html • CWE-918: Server-Side Request Forgery (SSRF) •