Alerts This Week
Warning Icon 1 1,154
Alerts This Week
Warning Icon 1 1,154

Ubuntu: 6643-1 Moderate Risk of Node-IP SSRF Vulnerability Exploitation

ubuntu
Calendar Grey February 19, 2024
Dist Ubuntu Esm H88
A critical NPM security flaw reveals vital network details, impacting several Ubuntu versions. Ensure your system is updated immediately.
NPM IP could be made to expose sensitive information over the network.

Summary

NPM IP could be made to expose sensitive information over the

network.

Software Description:

- node-ip: IP address utilities for node.js

Details:

Emre Durmaz discovered that NPM IP package incorrectly distinguished

between private and public IP addresses. A remote attacker could

possibly use this issue to perform

Server-Side Request Forgery (SSRF) attacks.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
   node-ip                         2.0.0+~1.1.0-1ubuntu0.1

Ubuntu 22.04 LTS (Available with Ubuntu Pro):
   node-ip                         1.1.5+~1.1.0-1ubuntu0.1~esm1

Ubuntu 20.04 LTS (Available with Ubuntu Pro):
   node-ip                         1.1.5-5ubuntu0.1~esm1

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
   node-ip                         1.1.5-1ubuntu0.1~esm1

In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-6643-1

  CVE-2023-42282

Ubuntu Security Notice USN-6643-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here