Closed mend-for-github-com[bot] closed 4 months ago
[![](https://badge.fury.io/js/ip.svg)](https://www.npmjs.com/package/ip)
Library home page: https://registry.npmjs.org/ip/-/ip-1.1.5.tgz
Found in HEAD commit: 7f99c836ea749efa113ef0ccdc60bfe4cbbfa856
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Dependency Hierarchy: - :x: **ip-1.1.5.tgz** (Vulnerable Library)
Found in base branch: unstable
The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic.
Publish Date: 2024-02-08
URL: CVE-2023-42282
Exploit Maturity: Not Defined
EPSS: 0.1%
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: N/A - Scope: N/A - Impact Metrics: - Confidentiality Impact: N/A - Integrity Impact: N/A - Availability Impact: N/A
Type: Upgrade version
Origin: https://github.com/advisories/GHSA-78xj-cgh5-2h22
Release Date: 2024-02-08
Fix Resolution: 1.1.9
:information_source: This issue was automatically closed by Mend because it is a duplicate of an existing issue: #945
Vulnerable Library - ip-1.1.5.tgz
[![](https://badge.fury.io/js/ip.svg)](https://www.npmjs.com/package/ip)
Library home page: https://registry.npmjs.org/ip/-/ip-1.1.5.tgz
Found in HEAD commit: 7f99c836ea749efa113ef0ccdc60bfe4cbbfa856
Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2023-42282
### Vulnerable Library - ip-1.1.5.tgz[![](https://badge.fury.io/js/ip.svg)](https://www.npmjs.com/package/ip)
Library home page: https://registry.npmjs.org/ip/-/ip-1.1.5.tgz
Dependency Hierarchy: - :x: **ip-1.1.5.tgz** (Vulnerable Library)
Found in HEAD commit: 7f99c836ea749efa113ef0ccdc60bfe4cbbfa856
Found in base branch: unstable
### Vulnerability DetailsThe ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic.
Publish Date: 2024-02-08
URL: CVE-2023-42282
### Threat AssessmentExploit Maturity: Not Defined
EPSS: 0.1%
### CVSS 4 Score Details (5.3)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: N/A - Scope: N/A - Impact Metrics: - Confidentiality Impact: N/A - Integrity Impact: N/A - Availability Impact: N/A
For more information on CVSS4 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://github.com/advisories/GHSA-78xj-cgh5-2h22
Release Date: 2024-02-08
Fix Resolution: 1.1.9