PT-2025-37863 · Npm+1 · Ip+1
Emredurmaz4 · Published 2025-09-16 · Updated 2025-09-24
CVE-2025-59436
CVSS v3.1: 3.2 (Low)
Vector: AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
ip (aka node-ip) versions through 2.0.1
Description
The ip (aka node-ip) package may allow Server-Side Request Forgery (SSRF) because the isPublic function improperly categorizes the IP address value 017700000001 as globally routable. This issue is related to an incomplete fix for a previously identified issue.
Recommendations
Update to a version beyond 2.0.1.
Fix
SSRF
Weakness Enumeration
Related Identifiers
Affected Products
Debian
Ip