{"id":"CVE-2021-27191","details":"The get-ip-range package before 4.0.0 for Node.js is vulnerable to denial of service (DoS) if the range is untrusted input. An attacker could send a large range (such as 128.0.0.0/1) that causes resource exhaustion.","aliases":["GHSA-6q4w-3wp4-q5wf"],"modified":"2026-03-14T10:49:49.925108Z","published":"2021-02-11T18:15:18.347Z","references":[{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20210319-0002/"},{"type":"ADVISORY","url":"https://www.npmjs.com/package/get-ip-range"},{"type":"FIX","url":"https://github.com/JoeScho/get-ip-range/commit/98ca22b815c77273cbab259811ab0976118e13b6"},{"type":"EVIDENCE","url":"https://advisory.checkmarx.net/advisory/CX-2021-4304"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/joescho/get-ip-range","events":[{"introduced":"0"},{"fixed":"98ca22b815c77273cbab259811ab0976118e13b6"}]},{"type":"GIT","repo":"https://github.com/joescho/get-ip-range","events":[{"introduced":"0"},{"fixed":"98ca22b815c77273cbab259811ab0976118e13b6"}]}],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"4.0.0"}]},{"events":[{"introduced":"0"},{"fixed":"4.0.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-27191.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}