Node.js ip package vulnerable to SSRF due to incomplete fix for CVE-2023-42282
CVE-2024-29415

8.1 HIGH

Key Information:

Vendor: Node.js
CVE Published: 27 May 2024

Badges

🟣 EPSS 86% 📰 News Worthy

What is CVE-2024-29415?

CVE-2024-29415 affects the Node.js ip package through version 2.0.1, leaving it susceptible to SSRF attacks because the fix for the earlier CVE-2023-42282 was incomplete. This vulnerability could allow attackers to execute commands and access personally identifiable information on millions of Cox modems, but there is no evidence of exploitation at this time. The NVD description lists specific IP addresses that the package improperly categorizes as globally routable, which is what opens the door to malicious activity. Although the issue has been addressed, users of the affected package are encouraged to switch to safer, more actively maintained alternatives. The potential impact of CVE-2024-29415 underlines the importance of prompt mitigation to prevent unauthorized access and data breaches.

News Articles

SAP Update: Patches Fix Critical Flaws For Businesses

This month's SAP update addresses critical flaws that could allow attackers to bypass authentication and gain complete control of affected systems.

Researchers discover flaw in Cox modems; millions of devices may have been affected | Codebook|Security News

Researchers discover flaw in Cox modems; millions of devices may have been affected | CVE-2024-29415: many users of the popular Node.js package "node-ip" may be exposed to SSRF attacks

EPSS Score

86% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 📰 First article discovered by 株式会社マキナレコード
  • Vulnerability published