CVE-2024-29415

[MarouenBouazizi]

The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282.

https://www.mend.io/vulnerability-database/CVE-2024-29415?utm_source=JetBrains

[michaelfarrell76]

any plans to address this?

[Nikhil-Kumar-TBS]

Hi Team! Any ETA to fix this issue?