Security Advisory

CVE-2024-28607

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-03-11 00:00:00

Last updated 2025-03-11 13:18:51

Assigner mitre

State PUBLISHED

Description

The ip-utils package through 2.4.0 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via a falsy isPrivate return value.

← Browse all CVEs View on cve.org ↗