private-ip@2.1.0 vulnerabilities
Check if IP address is private.
- latest version: 3.0.2
- latest non vulnerable version:
- first published: 8 years ago
- latest version published: 5 months ago
- licenses detected: >=0
Direct Vulnerabilities
Known vulnerabilities in the private-ip package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability | Vulnerable Version |
---|---|
private-ip is a package that checks whether an IP address is private. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF). An attacker can perform a large range of requests to ARIN reserved IP ranges, resulting in an indeterminable number of critical attack vectors, allowing remote attackers to request server-side resources or potentially execute arbitrary code through various SSRF techniques. Note: the previous fix (2.2.0) was incomplete because it didn't take into account different representations of IPs. A complete fix was released in 2.3.0. How to fix Server-side Request Forgery (SSRF)? Upgrade | <2.3.0 |