CVE-2024-29415

HIGH Year: 2024
CVSS v3 Score
8.1
High
Weakness Type
CWE-918
View all →

Vulnerability Description

The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282.

Related Vulnerabilities

CVE-2017-16870

HIGH
CVSS:8.1(High)

The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the updraft_ajax_handler function in /wp-content/plugins/updraftplus/admin.php via an httpget subaction. NOTE: the vendor reports that ...

CWE-9182017

CVE-2017-6201

HIGH
CVSS:8.1(High)

A Server Side Request Forgery vulnerability exists in the install app process in Sandstorm before build 0.203. A remote attacker may exploit this issue by providing a URL. It could bypass access contr...

CWE-9182017

CVE-2018-20436

HIGH
CVSS:8.1(High)

The "secret chat" feature in Telegram 4.9.1 for Android has a "side channel" in which Telegram servers send GET requests for URLs typed while composing a chat message, before that chat message is sent...

CWE-9182018

CVE-2020-21649

HIGH
CVSS:8.1(High)

Myucms v2.2.1 contains a server-side request forgery (SSRF) in the component \controller\index.php, which can be exploited via the sql() method.

CWE-9182020

CVE-2020-22983

HIGH
CVSS:8.1(High)

A Server-Side Request Forgery (SSRF) vulnerability exists in MicroStrategy Web SDK 11.1 and earlier, allows remote unauthenticated attackers to conduct a server-side request forgery (SSRF) attack via ...

CWE-9182020

CVE-2020-8134

HIGH
CVSS:8.1(High)

Server-side request forgery (SSRF) vulnerability in Ghost CMS < 3.10.0 allows an attacker to scan local or external network or otherwise interact with internal systems.

CWE-9182020