- Remove node_modules/ip package. (@marcoandre1)
  NPM IP package vulnerable to Server-Side Request Forgery (SSRF) attacks:
  An issue in all published versions of the NPM package ip allows an attacker to execute arbitrary code and obtain sensitive information via the isPublic() function. This can lead to potential Server-Side Request Forgery (SSRF) attacks. The core issue is the function's failure to accurately distinguish between public and private IP addresses.