mirror of
https://github.com/0xMarcio/cve.git
synced 2025-11-30 18:56:19 +00:00
CVE-2025-59436
Description
The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF because the IP address value 017700000001 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2024-29415.
POC
Reference
- https://cosmosofcyberspace.github.io/CVE-Application-Document.html
- https://github.com/indutny/node-ip/issues/160