Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package ip, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (2)
CVE-2023-42282 — CVSS 9.8 (critical): The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally…
CVE-2024-29415 — CVSS 8.1 (high): The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01…