Sign In

CVE-2023-42282

SOURCE - github

Summary

The isPublic() function in the NPM package ip doesn't correctly identify certain private IP addresses in uncommon formats such as 0x7F.1 as private. Instead, it reports them as public by returning true. This can lead to security issues such as Server-Side Request Forgery (SSRF) if isPublic() is used to protect sensitive code paths when passed user input. Versions 1.1.9 and 2.0.1 fix the issue.

EPSS Score: 0.00084 (0.354)

Common Weakness Enumeration (CWE)

SOURCE - nist

CWE-918

Server-Side Request Forgery (SSRF)

SOURCE - github

CWE-918

Server-Side Request Forgery (SSRF)

SOURCE - gitlab

CWE-1035

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-918

Server-Side Request Forgery (SSRF)

CWE-937

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

Sources (8)

Impacted images

github

CREATED

UPDATED

SOURCE IDGHSA-78xj-cgh5-2h22
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-918

CVSS SCORE

N/Amedium
PackageTypeOS NameOS VersionAffected RangesFix Versions
ipnpm-->=2.0.0,<2.0.12.0.1
ipnpm--<1.1.91.1.9

Severity and metrics

No CVSS data available from this source.

nist

CREATED

UPDATED

SOURCE IDCVE-2023-42282
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
COMMON WEAKNESS ENUMERATION (CWE)
CWE-918

CVSS SCORE

9.8critical

debian

CREATED

UPDATED

SOURCE IDCVE-2023-42282
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE

ubuntu

CREATED

UPDATED

SOURCE IDCVE-2023-42282
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

9.8medium

gitlab

CREATED

UPDATED

SOURCE ID

CVE-2023-42282

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-1035CWE-918CWE-937

CVSS SCORE

9.8critical

chainguard

CREATED

UPDATED

SOURCE ID

CVE-2023-42282

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE

wolfi

CREATED

UPDATED

SOURCE ID

CVE-2023-42282

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE

inthewild

CREATED

UPDATED

SOURCE IDCVE-2023-42282
EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE