{"id":"UBUNTU-CVE-2023-42282","details":"The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic.","modified":"2026-02-04T02:59:26.181009Z","published":"2024-02-09T00:00:00Z","related":["USN-6643-1"],"upstream":["CVE-2023-42282"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-42282"},{"type":"REPORT","url":"https://huntr.com/bounties/bfc3b23f-ddc0-4ee7-afab-223b07115ed3/"},{"type":"REPORT","url":"https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-6643-1"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2023-42282"}],"affected":[{"package":{"name":"node-ip","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/node-ip@1.1.5-1ubuntu0.1~esm1?arch=source&distro=esm-apps/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.1.5-1ubuntu0.1~esm1"}]}],"versions":["1.1.5-1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_name":"node-ip","binary_version":"1.1.5-1ubuntu0.1~esm1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-42282.json"}},{"package":{"name":"node-ip","ecosystem":"Ubuntu:Pro:20.04:LTS","purl":"pkg:deb/ubuntu/node-ip@1.1.5-5ubuntu0.1~esm1?arch=source&distro=esm-apps/focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.1.5-5ubuntu0.1~esm1"}]}],"versions":["1.1.5-3","1.1.5-5"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_name":"node-ip","binary_version":"1.1.5-5ubuntu0.1~esm1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-42282.json"}},{"package":{"name":"node-ip","ecosystem":"Ubuntu:Pro:22.04:LTS","purl":"pkg:deb/ubuntu/node-ip@1.1.5+~1.1.0-1ubuntu0.1~esm1?arch=source&distro=esm-apps/jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.1.5+~1.1.0-1ubuntu0.1~esm1"}]}],"versions":["1.1.5-5","1.1.5+~1.1.0-1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_name":"node-ip","binary_version":"1.1.5+~1.1.0-1ubuntu0.1~esm1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-42282.json"}},{"package":{"name":"node-ip","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/node-ip@2.0.0+~1.1.0-1ubuntu1?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.0.0+~1.1.0-1ubuntu1"}]}],"versions":["2.0.0+~1.1.0-1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"node-ip","binary_version":"2.0.0+~1.1.0-1ubuntu1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-42282.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]}