USN-6643-1: NPM IP vulnerability
Published Feb 19, 2024
Emre Durmaz discovered that the NPM IP package incorrectly distinguished between private and public IP addresses. A remote attacker could possibly use this issue to perform Server-Side Request Forgery (SSRF) attacks.
Affected Software
8 affected components; fixes available.
ubuntu/node-ip < 2.0.0+~1.1.0-1ubuntu0.1 on Ubuntu 23.10 (fixed in 2.0.0+~1.1.0-1ubuntu0.1)
ubuntu/node-ip < 1.1.5+~1.1.0-1ubuntu0.1~esm1 on Ubuntu 22.04 (fixed in 1.1.5+~1.1.0-1ubuntu0.1~esm1)
ubuntu/node-ip < 1.1.5-5ubuntu0.1~esm1 on Ubuntu 20.04 (fixed in 1.1.5-5ubuntu0.1~esm1)
ubuntu/node-ip < 1.1.5-1ubuntu0.1~esm1 on Ubuntu 18.04 (fixed in 1.1.5-1ubuntu0.1~esm1)
Event History
Feb 19, 2024, 12:00 AM: Advisory Published (via Ubuntu)
Frequently Asked Questions
1. What is the severity of USN-6643-1?
The vulnerability USN-6643-1 has a high severity level due to the potential for Server-Side Request Forgery (SSRF) attacks.
2. How do I fix USN-6643-1?
To mitigate USN-6643-1, update the node-ip package to the remedied versions provided in the advisory for your Ubuntu release.
3. What versions of node-ip are affected by USN-6643-1?
USN-6643-1 affects multiple versions of node-ip prior to the remedied versions specified for Ubuntu 18.04, 20.04, 22.04, and 23.10.
4. Who discovered the vulnerability USN-6643-1?
The vulnerability USN-6643-1 was discovered by Emre Durmaz.
5. What type of attacks can be performed exploiting USN-6643-1?
A remote attacker could exploit USN-6643-1 to perform Server-Side Request Forgery (SSRF) attacks.