Skip to main content

Private Ip

1 CVEs product

Monthly

CVE-2020-28360 npm CRITICAL PATCH Act Now

Insufficient RegEx in private-ip npm package v1.0.5 and below insufficiently filters reserved IP ranges resulting in indeterminate SSRF. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js RCE SSRF Private Ip
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

Insufficient RegEx in private-ip npm package v1.0.5 and below insufficiently filters reserved IP ranges resulting in indeterminate SSRF. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js RCE SSRF +1
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy