CVE-2024-29415
ADVISORY - githubSummary
The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282.
EPSS Score: 0.02409 (0.845)
Common Weakness Enumeration (CWE)
ADVISORY - nist
ADVISORY - github
Server-Side Request Forgery (SSRF)
ADVISORY - gitlab
ADVISORY - redhat
Server-Side Request Forgery (SSRF)
NIST
CVSS SCORE
8.1highGitHub
CREATED
UPDATED
ADVISORY IDGHSA-2p57-rm9w-gvfp
EXPLOITABILITY SCORE
2.2
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
8.1highDebian
CREATED
UPDATED
ADVISORY IDCVE-2024-29415
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Ubuntu
CREATED
UPDATED
ADVISORY IDCVE-2024-29415
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AmediumRed Hat
CREATED
UPDATED
ADVISORY IDCVE-2024-29415
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
9.8highChainguard
CREATED
UPDATED
ADVISORY ID
CGA-6jw9-xfqr-g5hf
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Chainguard
CREATED
UPDATED
ADVISORY ID
CGA-fgwx-7hh7-xcmr
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Chainguard
CREATED
UPDATED
ADVISORY ID
CGA-v7m6-h44m-vrvg
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-