{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-42282", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-02T19:16:51.020Z", "dateReserved": "2023-09-08T00:00:00", "datePublished": "2024-02-08T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-07-03T21:53:10.340956"}, "descriptions": [{"lang": "en", "value": "The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html"}, {"url": "https://github.com/indutny/node-ip/commit/6a3ada9b471b09d5f0f5be264911ab564bf67894"}, {"url": "https://huntr.com/bounties/bfc3b23f-ddc0-4ee7-afab-223b07115ed3/"}, {"url": "https://security.netapp.com/advisory/ntap-20240315-0008/"}, {"url": "https://www.bleepingcomputer.com/news/security/dev-rejects-cve-severity-makes-his-github-repo-read-only/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:16:51.020Z"}, "title": "CVE Program Container", "references": [{"url": "https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html", "tags": ["x_transferred"]}, {"url": "https://github.com/indutny/node-ip/commit/6a3ada9b471b09d5f0f5be264911ab564bf67894", "tags": ["x_transferred"]}, {"url": "https://huntr.com/bounties/bfc3b23f-ddc0-4ee7-afab-223b07115ed3/", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240315-0008/", "tags": ["x_transferred"]}, {"url": "https://www.bleepingcomputer.com/news/security/dev-rejects-cve-severity-makes-his-github-repo-read-only/", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fedorindutny:ip:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "3117142B-3F19-42D1-8A43-EEE2ECA4BA6E", "versionEndExcluding": "1.1.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:fedorindutny:ip:2.0.0:*:*:*:*:node.js:*:*", "matchCriteriaId": "45CEC4AC-81A3-4E86-A25C-292D4755A13F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic."}, {"lang": "es", "value": "Un problema en el paquete IP NPM v.1.1.8 y anteriores permite a un atacante ejecutar c\u00f3digo arbitrario y obtener informaci\u00f3n confidencial a trav\u00e9s de la funci\u00f3n isPublic()."}], "id": "CVE-2023-42282", "lastModified": "2024-11-21T08:22:24.217", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-08T17:15:10.840", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/indutny/node-ip/commit/6a3ada9b471b09d5f0f5be264911ab564bf67894"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Technical Description"], "url": "https://huntr.com/bounties/bfc3b23f-ddc0-4ee7-afab-223b07115ed3/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20240315-0008/"}, {"source": "cve@mitre.org", "tags": ["Press/Media Coverage"], "url": "https://www.bleepingcomputer.com/news/security/dev-rejects-cve-severity-makes-his-github-repo-read-only/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/indutny/node-ip/commit/6a3ada9b471b09d5f0f5be264911ab564bf67894"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Technical Description"], "url": "https://huntr.com/bounties/bfc3b23f-ddc0-4ee7-afab-223b07115ed3/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20240315-0008/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Press/Media Coverage"], "url": "https://www.bleepingcomputer.com/news/security/dev-rejects-cve-severity-makes-his-github-repo-read-only/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:3550", "cpe": "cpe:/a:redhat:rhboac_hawtio:4.0.0", "package": "nodejs-ip", "product_name": "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", "release_date": "2024-06-03T00:00:00Z"}, {"advisory": "RHBA-2024:1440", "cpe": "cpe:/a:redhat:migration_toolkit_virtualization:2.5::el9", "package": "migration-toolkit-virtualization/mtv-console-plugin-rhel9:2.5.6-4", "product_name": "Migration Toolkit for Virtualization 2.5", "release_date": "2024-03-20T00:00:00Z"}, {"advisory": "RHSA-2024:3868", "cpe": "cpe:/a:redhat:network_observ_optr:1.6.0::el9", "package": "network-observability/network-observability-cli-rhel9:v1.6.0-66", "product_name": "NETWORK-OBSERVABILITY-1.6.0-RHEL-9", "release_date": "2024-06-17T00:00:00Z"}, {"advisory": "RHSA-2024:3868", "cpe": "cpe:/a:redhat:network_observ_optr:1.6.0::el9", "package": "network-observability/network-observability-console-plugin-rhel9:v1.6.0-66", "product_name": "NETWORK-OBSERVABILITY-1.6.0-RHEL-9", "release_date": "2024-06-17T00:00:00Z"}, {"advisory": "RHSA-2024:3868", "cpe": "cpe:/a:redhat:network_observ_optr:1.6.0::el9", "package": "network-observability/network-observability-ebpf-agent-rhel9:v1.6.0-66", "product_name": "NETWORK-OBSERVABILITY-1.6.0-RHEL-9", "release_date": "2024-06-17T00:00:00Z"}, {"advisory": "RHSA-2024:3868", "cpe": "cpe:/a:redhat:network_observ_optr:1.6.0::el9", "package": "network-observability/network-observability-flowlogs-pipeline-rhel9:v1.6.0-66", "product_name": "NETWORK-OBSERVABILITY-1.6.0-RHEL-9", "release_date": "2024-06-17T00:00:00Z"}, {"advisory": "RHSA-2024:3868", "cpe": "cpe:/a:redhat:network_observ_optr:1.6.0::el9", "package": "network-observability/network-observability-operator-bundle:1.6.0-78", "product_name": "NETWORK-OBSERVABILITY-1.6.0-RHEL-9", "release_date": "2024-06-17T00:00:00Z"}, {"advisory": "RHSA-2024:3868", "cpe": "cpe:/a:redhat:network_observ_optr:1.6.0::el9", "package": "network-observability/network-observability-rhel9-operator:v1.6.0-66", "product_name": "NETWORK-OBSERVABILITY-1.6.0-RHEL-9", "release_date": "2024-06-17T00:00:00Z"}, {"advisory": "RHSA-2024:1383", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package": "odf4/mcg-core-rhel9:v4.15.0-68", "product_name": "RHODF-4.15-RHEL-9", "release_date": "2024-03-19T00:00:00Z"}], "bugzilla": {"description": "nodejs-ip: arbitrary code execution via the isPublic() function", "id": "2265161", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265161"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-918", "details": ["The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic.", "A vulnerability was found in the NPM IP Package. This flaw allows an attacker to perform arbitrary code execution and obtain sensitive information via the isPublic() function by inducing a Server-Side Request Forgery (SSRF) attack and obtaining access to normally inaccessible resources."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2023-42282", "package_state": [{"cpe": "cpe:/a:redhat:cryostat:2", "fix_state": "Not affected", "package_name": "nodejs-ip", "product_name": "Cryostat 2"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Not affected", "package_name": "openshift-logging/kibana6-rhel8", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:workload_availability_node_healthcheck", "fix_state": "Affected", "package_name": "workload-availability/node-remediation-console-rhel8", "product_name": "Node HealthCheck Operator"}, {"cpe": "cpe:/a:redhat:service_mesh:2", "fix_state": "Will not fix", "package_name": "openshift-service-mesh/kiali-rhel8", "product_name": "OpenShift Service Mesh 2"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Affected", "package_name": "3scale-amp-system-container", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/console-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:3", "fix_state": "Out of support scope", "package_name": "advanced-cluster-security/rhacs-central-db-rhel8", "product_name": "Red Hat Advanced Cluster Security 3"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:3", "fix_state": "Out of support scope", "package_name": "advanced-cluster-security/rhacs-main-rhel8", "product_name": "Red Hat Advanced Cluster Security 3"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:3", "fix_state": "Out of support scope", "package_name": "advanced-cluster-security/rhacs-rhel8-operator", "product_name": "Red Hat Advanced Cluster Security 3"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:3", "fix_state": "Out of support scope", "package_name": "advanced-cluster-security/rhacs-roxctl-rhel8", "product_name": "Red Hat Advanced Cluster Security 3"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:4", "fix_state": "Not affected", "package_name": "advanced-cluster-security/rhacs-central-db-rhel8", "product_name": "Red Hat Advanced Cluster Security 4"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:4", "fix_state": "Not affected", "package_name": "advanced-cluster-security/rhacs-main-rhel8", "product_name": "Red Hat Advanced Cluster Security 4"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:4", "fix_state": "Not affected", "package_name": "advanced-cluster-security/rhacs-rhel8-operator", "product_name": "Red Hat Advanced Cluster Security 4"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:4", "fix_state": "Not affected", "package_name": "advanced-cluster-security/rhacs-roxctl-rhel8", "product_name": "Red Hat Advanced Cluster Security 4"}, {"cpe": "cpe:/a:redhat:service_registry:2", "fix_state": "Not affected", "package_name": "nodejs-ip", "product_name": "Red Hat build of Apicurio Registry"}, {"cpe": "cpe:/a:redhat:rhdh:1", "fix_state": "Affected", "package_name": "rhdh-hub-container", "product_name": "Red Hat Developer Hub"}, {"cpe": "cpe:/a:redhat:discovery:1.0::el8", "fix_state": "Will not fix", "package_name": "discovery-server-container", "product_name": "Red Hat Discovery"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "nodejs:16/nodejs", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "nodejs:18/nodejs", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "nodejs:20/nodejs", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "nodejs", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "nodejs:18/nodejs", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "nodejs:20/nodejs", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Not affected", "package_name": "nodejs-ip", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:integration:1", "fix_state": "Not affected", "package_name": "nodejs-ip", "product_name": "Red Hat Integration Camel K"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:7", "fix_state": "Not affected", "package_name": "nodejs-ip", "product_name": "Red Hat JBoss Data Grid 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7", "fix_state": "Not affected", "package_name": "nodejs-ip", "product_name": "Red Hat JBoss Enterprise Application Platform 7"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Not affected", "package_name": "nodejs-ip", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-console", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Not affected", "package_name": "ocs4/mcg-core-rhel8", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Affected", "package_name": "rhods/odh-dashboard-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3::el8", "fix_state": "Affected", "package_name": "devspaces/code-rhel8", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3::el8", "fix_state": "Affected", "package_name": "devspaces/dashboard-rhel8", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3::el8", "fix_state": "Affected", "package_name": "devspaces/traefik-rhel8", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:2", "fix_state": "Not affected", "package_name": "rhosdt/jaeger-agent-rhel8", "product_name": "Red Hat OpenShift distributed tracing 2"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:2", "fix_state": "Not affected", "package_name": "rhosdt/jaeger-all-in-one-rhel8", "product_name": "Red Hat OpenShift distributed tracing 2"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:2", "fix_state": "Not affected", "package_name": "rhosdt/jaeger-collector-rhel8", "product_name": "Red Hat OpenShift distributed tracing 2"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:2", "fix_state": "Not affected", "package_name": "rhosdt/jaeger-es-index-cleaner-rhel8", "product_name": "Red Hat OpenShift distributed tracing 2"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:2", "fix_state": "Not affected", "package_name": "rhosdt/jaeger-es-rollover-rhel8", "product_name": "Red Hat OpenShift distributed tracing 2"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:2", "fix_state": "Not affected", "package_name": "rhosdt/jaeger-ingester-rhel8", "product_name": "Red Hat OpenShift distributed tracing 2"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:2", "fix_state": "Not affected", "package_name": "rhosdt/jaeger-query-rhel8", "product_name": "Red Hat OpenShift distributed tracing 2"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Will not fix", "package_name": "openshift-gitops-1/argocd-rhel8", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Not affected", "package_name": "openshift-gitops-1/argo-rollouts-rhel8", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Not affected", "package_name": "rh-nodejs14-nodejs", "product_name": "Red Hat Software Collections"}], "public_date": "2024-02-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-42282\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-42282\nhttps://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html"], "statement": "It appears that npm does not utilize the bundled code therefore Red Hat Enterprise Linux is not affected by this vulnerability.\nWhile the vulnerability in the NPM IP Package presents a significant security concern, it's categorized as important rather than critical due to several factors. Firstly, the misclassification of the private IP address 0x7f.1 as public by the isPublic() function does not directly lead to remote code execution or unauthorized access to critical systems. Instead, it facilitates SSRF attacks, which typically require additional conditions to fully exploit, such as the ability to influence server-side requests and responses. Additionally, the impact of SSRF attacks can vary depending on the specific environment and configuration of the affected system. While SSRF attacks can potentially lead to data exposure, service disruption, or lateral movement within a network, their severity is often mitigated by factors such as network segmentation, access controls, and the availability of sensitive resources.", "threat_severity": "Important", "upstream_fix": "nodejs-ip 1.1.9, nodejs-ip 2.0.1"}