
Cosmosofcyberspace

#53050 of 53,633
3.2 Total CVSS
Vulnerabilities · 1
PT-2025-37864
3.2
2025-01-01
Npm · Ip · CVE-2025-59437
**Name of the Vulnerable Software and Affected Versions**

ip (aka node-ip) package versions through 2.0.1

**Description**

The ip (aka node-ip) package may allow Server-Side Request Forgery (SSRF) due to the improper categorization of the IP address value 0 as globally routable via the `isPublic` function. This issue stems from an incomplete fix for a previously identified problem. Connection attempts to the IP address 0 (or 0.0.0.0) may be interpreted as attempts to connect to 127.0.0.1 in certain application versions and operating systems.

**Recommendations**

Update to a version of the ip (aka node-ip) package later than 2.0.1.