cve/CVE-2023-42282.md at dd6a10065df501f0a524d47b55e162f16811ba93

admin/cve

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00

0xMarcio d6bcaa53f2 Update CVE sources 2024-07-25 21:25

2024-07-25 21:25:12 +00:00

845 B

Raw Blame History

CVE-2023-42282

Description

The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic.

POC

Reference

https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html
https://www.bleepingcomputer.com/news/security/dev-rejects-cve-severity-makes-his-github-repo-read-only/

Github

https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/seal-community/patches
https://github.com/vin01/bogus-cves

845 B Raw Blame History

CVE-2023-42282

Description

POC

Reference

Github

845 B

Raw Blame History