Luke McFarlane

1 exploit Active since Feb 2024
CVE-2023-42282 WRITEUP CRITICAL WRITEUP
fedorindutny/ip < 1.1.9 and >=2.0.0 <2.0.1 - Server-Side Request Forgery via isPublic IP Validation
The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic.
CVSS 9.8