CVE-2024-29415

ip is vulnerable to SSRF

SSRF Pre-CVE Published May 27, 2024

High Risk

This Affects:

Are you affected? Scan for Free

TL;DR

NPM ip packages confuses public and private IPs, might lead to SSRF.

Who does this affect?

You're running any version of 'ip' up to 2.0.1

Background info

ip is vulnerable to SSRF.

How to fix this

This package is no longer maintained. Users should look for ways to stop using this package. For example, the latest version of NPM library 'socks' does not use this library any more.

High Risk

This Affects:

Are you affected? Scan for Free

Are You Affected?

Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.

Scan for Free

Book a Demo

Free. No credit card required.

Company

Resources

Industries

Use Cases

Compare

Legal

Connect

hello@aikido.dev

Security

Stay up to date with all updates

LinkedIn YouTube X

Keizer Karelstraat 15, 9000, Ghent, Belgium

95 Third St, 2nd Fl, San Francisco, CA 94103, US

Unit 6.15 Runway East 18 18 Crucifix Ln, London SE1 3JW UK

Ghent, Belgium | San Francisco, US

SOC 2Compliant

ISO 27001Compliant

CVE-2024-29415

This Affects:

TL;DR

Who does this affect?

Background info

How to fix this

This Affects:

Links

Fix PRs

Related Issue

Other

Are You Affected?