
@marcomontalbano
Member

What I did

Solved CVE-2023-42282 vulnerability.

Details

NPM IP package vulnerable to Server-Side Request Forgery (SSRF) attacks.

An issue in all published versions of the NPM package ip allows an attacker to execute arbitrary code and obtain sensitive information via the isPublic() function. This can lead to potential Server-Side Request Forgery (SSRF) attacks. The core issue is the function's failure to accurately distinguish between public and private IP addresses.

Affected package: node-ip

Checklist

  • Make sure your changes are tested (stories and/or unit, integration, or end-to-end tests).
  • Make sure to add/update documentation regarding your changes.
  • You are NOT deprecating/removing a feature.
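The advisory quoted above turns on one point: an SSRF guard is only as good as its ability to tell public addresses from private, loopback and link-local ones, and from inputs that are not canonical IP literals at all. The following is an added example written for this page; it is not the `ip` package's code, not the fix this pull request ships, and not this repository's code. The function names (`classifyAddress`, `parseIPv4Strict`, `parseIPv6`, `ipv4NonPublicReason`, `ipv6NonPublicReason`) and the fail-closed policy are the example's own assumptions. It refuses anything that is not a strict dotted-quad or a well-formed IPv6 literal (so shorthand, hex or octal octets and hostnames never reach a resolver that might reinterpret them), and it judges IPv4-mapped IPv6 addresses by the embedded IPv4 address.

```javascript
// Added example (hypothetical helpers, not node-ip's code): a fail-closed
// public/non-public classifier for use in an SSRF guard.

const IPV4_OCTET = /^(0|[1-9][0-9]{0,2})$/;

// Parse a strictly canonical dotted-quad into [a, b, c, d], or return null.
// "127.1", "0177.0.0.1", "0x7f.0.0.1" and hostnames are all rejected.
function parseIPv4Strict(s) {
  const parts = s.split('.');
  if (parts.length !== 4) return null;
  const octets = [];
  for (const p of parts) {
    if (!IPV4_OCTET.test(p)) return null;
    const n = Number(p);
    if (n > 255) return null;
    octets.push(n);
  }
  return octets;
}

// Non-public IPv4 blocks: [label, network, prefix length].
const IPV4_NON_PUBLIC = [
  ['this-network', [0, 0, 0, 0], 8],
  ['rfc1918', [10, 0, 0, 0], 8],
  ['cgnat', [100, 64, 0, 0], 10],
  ['loopback', [127, 0, 0, 0], 8],
  ['link-local', [169, 254, 0, 0], 16],
  ['rfc1918', [172, 16, 0, 0], 12],
  ['rfc1918', [192, 168, 0, 0], 16],
  ['multicast', [224, 0, 0, 0], 4],
  ['reserved', [240, 0, 0, 0], 4],
];

function ipv4ToInt(o) {
  return ((o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]) >>> 0;
}

function ipv4InBlock(octets, base, bits) {
  const mask = (0xffffffff << (32 - bits)) >>> 0;
  return (ipv4ToInt(octets) & mask) === (ipv4ToInt(base) & mask);
}

// Label of the non-public block containing the address, or null if public.
function ipv4NonPublicReason(octets) {
  for (const [label, base, bits] of IPV4_NON_PUBLIC) {
    if (ipv4InBlock(octets, base, bits)) return label;
  }
  return null;
}

// Expand an IPv6 literal into 8 hextets; null if malformed. Handles "::"
// compression and a trailing embedded IPv4 such as "::ffff:10.0.0.1".
function parseIPv6(s) {
  let str = s.toLowerCase();
  const v4Tail = str.match(/(\d+\.\d+\.\d+\.\d+)$/);
  let tail = [];
  if (v4Tail) {
    const o = parseIPv4Strict(v4Tail[1]);
    if (!o) return null;
    tail = [(o[0] << 8) | o[1], (o[2] << 8) | o[3]];
    str = str.slice(0, -v4Tail[1].length);
    if (str.endsWith('::')) { /* "::1.2.3.4": keep the compression marker */ }
    else if (str.endsWith(':')) str = str.slice(0, -1);
    else return null;
  }
  const halves = str.split('::');
  if (halves.length > 2) return null;
  const toHextets = (part) => part === '' ? [] :
    part.split(':').map((h) => (/^[0-9a-f]{1,4}$/.test(h) ? parseInt(h, 16) : NaN));
  const head = toHextets(halves[0]);
  const rest = halves.length === 2 ? toHextets(halves[1]) : [];
  const groups = [...head, ...rest, ...tail];
  if (groups.some(Number.isNaN)) return null;
  if (halves.length === 2) {
    if (groups.length > 7) return null;
    return [...head, ...new Array(8 - groups.length).fill(0), ...rest, ...tail];
  }
  return groups.length === 8 ? groups : null;
}

function ipv6NonPublicReason(h) {
  if (h.every((x) => x === 0)) return 'unspecified';
  if (h.slice(0, 7).every((x) => x === 0) && h[7] === 1) return 'loopback';
  if (h.slice(0, 5).every((x) => x === 0) && h[5] === 0xffff) {
    // IPv4-mapped: the verdict is that of the embedded IPv4 address.
    return ipv4NonPublicReason([h[6] >> 8, h[6] & 0xff, h[7] >> 8, h[7] & 0xff]);
  }
  if ((h[0] & 0xfe00) === 0xfc00) return 'unique-local';
  if ((h[0] & 0xffc0) === 0xfe80) return 'link-local';
  if ((h[0] & 0xff00) === 0xff00) return 'multicast';
  return null;
}

// Fail-closed verdict: { allowed, reason }. Hostnames must be resolved by the
// caller and every resolved address passed back through this function.
function classifyAddress(input) {
  const s = String(input).trim();
  const v4 = parseIPv4Strict(s);
  if (v4) {
    const r = ipv4NonPublicReason(v4);
    return r ? { allowed: false, reason: r } : { allowed: true, reason: 'public-ipv4' };
  }
  const v6 = parseIPv6(s);
  if (v6) {
    const r = ipv6NonPublicReason(v6);
    return r ? { allowed: false, reason: r } : { allowed: true, reason: 'public-ipv6' };
  }
  return { allowed: false, reason: 'not-a-canonical-ip-literal' };
}

module.exports = { classifyAddress, parseIPv4Strict, parseIPv6 };
```

Two design choices matter here. First, the default is deny: an address the parser cannot account for is refused rather than assumed public, which is the opposite of the failure mode the advisory describes. Second, the check is applied to the literal the server will actually connect to; when the input is a hostname, the guard has to run on the resolved addresses as well (and, ideally, the connection should be pinned to the address that was checked), otherwise DNS can still steer the request to an internal host.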

@marcomontalbano marcomontalbano changed the title deps: fix 'CVE-2023-42282' vulnerability Fix 'CVE-2023-42282' vulnerability Feb 19, 2024
@marcomontalbano marcomontalbano self-assigned this Feb 19, 2024
@marcomontalbano marcomontalbano added ignore-for-release Ignore this issue or pull request from release notes security p1 Security priority: High labels Feb 19, 2024
@marcomontalbano marcomontalbano changed the title Fix 'CVE-2023-42282' vulnerability Solve CVE-2023-42282 vulnerability Feb 19, 2024
@marcomontalbano marcomontalbano merged commit be81ca0 into main Feb 19, 2024
@marcomontalbano marcomontalbano deleted the fix-CVE-2023-42282 branch February 19, 2024 09:58