Skip to main content

Private Address Check

3 CVEs product

Monthly

CVE-2018-3759 Ruby LOW PATCH Monitor

private_address_check ruby gem before 0.5.0 is vulnerable to a time-of-check time-of-use (TOCTOU) race condition due to the address the socket uses not being checked. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Race Condition Information Disclosure Private Address Check
NVD GitHub
CVSS 3.0
3.7
EPSS
0.7%
CVE-2017-0909 Ruby CRITICAL PATCH Act Now

The private_address_check ruby gem before 0.4.1 is vulnerable to a bypass due to an incomplete blacklist of common private/local network addresses used to prevent server-side request forgery. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SSRF Private Address Check
NVD GitHub
CVSS 3.0
9.8
EPSS
0.3%
CVE-2017-0904 Ruby HIGH PATCH This Week

The private_address_check ruby gem before 0.4.0 is vulnerable to a bypass due to use of Ruby's Resolv.getaddresses method, which is OS-dependent and should not be relied upon for security measures,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

SSRF Private Address Check
NVD GitHub
CVSS 3.0
8.1
EPSS
0.9%
EPSS 1% CVSS 3.7
LOW PATCH Monitor

private_address_check ruby gem before 0.5.0 is vulnerable to a time-of-check time-of-use (TOCTOU) race condition due to the address the socket uses not being checked. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Race Condition Information Disclosure Private Address Check
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

The private_address_check ruby gem before 0.4.1 is vulnerable to a bypass due to an incomplete blacklist of common private/local network addresses used to prevent server-side request forgery. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SSRF Private Address Check
NVD GitHub
EPSS 1% CVSS 8.1
HIGH PATCH This Week

The private_address_check ruby gem before 0.4.0 is vulnerable to a bypass due to use of Ruby's Resolv.getaddresses method, which is OS-dependent and should not be relied upon for security measures,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

SSRF Private Address Check
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy