
Comments (5)

taylorjdawson commented on August 16, 2024 (6)

This is now more important than ever. Someone needs to get in and fix this SSRF attack vulnerability

from node-ip.

x3cion commented on August 16, 2024 (6)

To be fair, if your only means of protecting unsecured or vulnerable local resources from being accessed is a thin veil of node-ip, this sounds like a much bigger institutional problem with the software depending on this.

I'm not panicked, but I can tell you that many IT projects do dependency checks as a first line of defense (e.g. npm audit). Being a base package to over 3k packages, this issue is blocking a lot of people. That's why the pressure is so high. I don't want to know how many are silently subscribed to #136, just to see when it's fixed. :)


indutny commented on August 16, 2024 (3)

I'd be happy to give contributor bits and npm ownership to a person who has a track record of maintaining some packages with a reasonable download count. Thanks so much for raising this topic!


alexporto2200 commented on August 16, 2024

Hey!
Is anyone helping you with this project? I was worried about some issues and saw that they are no longer accepting PRs. I would like to help in some way.


DevBrent commented on August 16, 2024

This is now more important than ever. Someone needs to get in and fix this SSRF attack vulnerability

To be fair, if your only means of protecting unsecured or vulnerable local resources from being accessed is a thin veil of node-ip, this sounds like a much bigger institutional problem with the software depending on this.

Does no one use AWS Security Groups? If you know you have potentially vulnerable or intentionally unauthenticated local services why would you use policies like GCP's default-allow-internal? Does no one understand their attack vectors?

Concerning that anyone is panicked about this one.

