CVE-2023-42282

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in npm/ip

Identifiers

CVE-2023-42282, GHSA-78xj-cgh5-2h22

Package Slug

npm/ip

Vulnerability

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Description

An issue in NPM IP Package v.1.1.8 and before allows an attacker to execute arbitrary code and obtain sensitive information via the isPublic() function.

Affected Versions

All versions up to 1.1.8

Solution

Upgrade to version 2.0.0 or above.

Last Modified

2024-02-12

source