CVE-2024-29415

Name of the Vulnerable Software and Affected Versions: ip package versions through 2.0.1 for Node.js

Description: The issue is related to the improper categorization of certain IP addresses as globally routable via the isPublic() function, which might allow Server-Side Request Forgery (SSRF) attacks. This is due to an incomplete fix for a previous issue. The vulnerability can be exploited by a remote attacker to perform SSRF attacks. It is estimated that millions of devices are potentially affected.

Recommendations: For ip package versions through 2.0.1, consider disabling the isPublic() function until a patch is available to prevent potential SSRF attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.