An issue in all published versions of the NPM package `ip` allows an attacker to execute arbitrary code and obtain sensitive information via the `isPublic()` function. This can lead to potential Server-Side Request Forgery (SSRF) attacks. The core issue is the function's failure to accurately distinguish between public and private IP addresses.
References
https://nvd.nist.gov/vuln/detail/CVE-2023-42282
https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html
https://github.com/JoshGlazebrook/socks/issues/93#issue-2128357447
https://github.com/github/advisory-database/pull/3504#issuecomment-1937179999
After pushing to origin, I was notified about this new vulnerability:
https://github.com/advisories/GHSA-78xj-cgh5-2h22
Update `ip` to 2.0.1
`yarn up -R ip`
`yarn.lock`
Before:
After: