private-ip@2.3.4 vulnerabilities

Check if IP address is private.

latest version

3.0.2

first published

9 years ago

latest version published

1 years ago

licenses detected

MIT
>=0

View private-ip package health on Snyk Advisor (opens in a new tab)

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the private-ip package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H Server-Side Request Forgery (SSRF) private-ip is a Check if IP address is private. Affected versions of this package are vulnerable to Server-Side Request Forgery (SSRF) where an attacker can provide an IP or hostname that resolves to a multicast IP address (224.0.0.0/4) which is not included as part of the private IP ranges in the package's source code. How to fix Server-Side Request Forgery (SSRF)? There is no fixed version for `private-ip`.	*

Server-Side Request Forgery (SSRF)

private-ip is a Check if IP address is private.

Affected versions of this package are vulnerable to Server-Side Request Forgery (SSRF) where an attacker can provide an IP or hostname that resolves to a multicast IP address (224.0.0.0/4) which is not included as part of the private IP ranges in the package's source code.

How to fix Server-Side Request Forgery (SSRF)?

There is no fixed version for private-ip.

Go back to all versions of this package