Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[GHSA-78xj-cgh5-2h22] NPM IP package incorrectly identifies some private IP addresses as public #3617

Closed

Conversation

ouuan
Copy link

@ouuan ouuan commented Feb 21, 2024

Updates

  • Affected products
  • CWEs
  • Description
  • References

Comments
The patch indutny/node-ip#138 does not cover all cases. See indutny/node-ip#143

@github-actions github-actions bot changed the base branch from main to ouuan/advisory-improvement-3617 February 21, 2024 11:10
@JonathanLEvans
Copy link

Hi @ouuan, incomplete fixes normally receive separate CVE IDs. A CVE ID can be obtained from GitHub through the repository's security advisory feature.

@ouuan
Copy link
Author

ouuan commented Feb 23, 2024

Fine. I also think a new CVE is better, but the maintainer is very inactive so I tried to edit the old CVE.

@ouuan ouuan closed this Feb 23, 2024
@github-actions github-actions bot deleted the ouuan-GHSA-78xj-cgh5-2h22 branch February 23, 2024 03:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants