Vulnerability: express-ipfilter use Depends on vulnerable versions of ip package #159
Comments
Not relevant, we do not use
Thanks for reply, I am about this package https://github.com/jetersen/express-ipfilter/blob/master/package.json#L78
But seems there is no fix from https://github.com/indutny/node-ip
But the vulnerability is only in there if you actively use
Oh, sure, I understood, thanks for the reply.
This logic doesn't compute for me.
Feel free to submit a PR. There are plenty of false positives.
Thanks, will do next time. I misunderstood your comment
@odubuc well you can read this: indutny/node-ip#136 (comment) it details the issue I have with this CVE |
ip *
Severity: high
NPM IP package vulnerable to Server-Side Request Forgery (SSRF) attacks - GHSA-78xj-cgh5-2h22
No fix available
node_modules/ip
express-ipfilter *
Depends on vulnerable versions of ip
node_modules/express-ipfilter