Open mend-for-github-com[bot] opened 4 months ago
Uh oh! @mend-for-github-com[bot], the image you shared is missing helpful alt text. Check your issue body.
Alt text is an invisible description that helps screen readers describe images to blind or low-vision users. If you are using markdown to display images, add your alt text inside the brackets of the markdown image.
Learn more about alt text at Basic writing and formatting syntax: images on GitHub Docs.
🤖 Beep boop! This comment was added automatically by github/accessibility-alt-text-bot.
Vulnerable Library - puppeteer-22.6.2.tgz
Path to dependency file: /package.json
Path to vulnerable library: /package.json
Vulnerabilities
*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2024-29415
### Vulnerable Library - ip-2.0.1.tgzLibrary home page: https://registry.npmjs.org/ip/-/ip-2.0.1.tgz
Path to dependency file: /package.json
Path to vulnerable library: /package.json
Dependency Hierarchy: - puppeteer-22.6.2.tgz (Root Library) - browsers-2.2.0.tgz - proxy-agent-6.4.0.tgz - socks-proxy-agent-8.0.2.tgz - socks-2.7.1.tgz - :x: **ip-2.0.1.tgz** (Vulnerable Library)
Found in base branch: main
### Vulnerability DetailsThe ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282.
Publish Date: 2024-05-27
URL: CVE-2024-29415
### CVSS 3 Score Details (9.1)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: None
For more information on CVSS3 Scores, click here.