Enze Wang

**Name of the Vulnerable Software and Affected Versions** net-ip version (affected versions not specified) Traefik version (affected versions not specified) **Description** The issue is related to the incorrect functioning of the `Is` methods (such as `IsPrivate`, `IsLoopback`, etc.) in the net-ip component of the Golang programming language. This incorrect functioning occurs when handling IPv4-mapped IPv6 addresses, where these methods return `false` for addresses that would return `true` in their traditional IPv4 forms. This could allow an attacker to bypass existing access restriction policies. **Recommendations** For net-ip, consider temporarily disabling or restricting the use of the `Is` methods until a patch is available. For Traefik, restrict access to the affected module to minimize the risk of exploitation. Avoid using IPv4-mapped IPv6 addresses in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.