[Git][security-tracker-team/security-tracker][master] Reference upstream issues for node-ip CVEs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Oct 26 08:07:42 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
03b4268a by Salvatore Bonaccorso at 2025-10-26T09:07:17+01:00
Reference upstream issues for node-ip CVEs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -15095,13 +15095,14 @@ CVE-2025-59437 (The ip (aka node-ip) package through 2.0.1 (in NPM) might allow
[trixie] - node-ip <no-dsa> (Minor issue)
[bookworm] - node-ip <not-affected> (Incomplete fix for CVE-2024-29415 not applied)
[bullseye] - node-ip <not-affected> (Incomplete fix for CVE-2024-29415 not applied)
+ NOTE: https://github.com/indutny/node-ip/issues/160
NOTE: CVE exists for an incomplete fix of CVE-2024-29415
CVE-2025-59436 (The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF b ...)
- node-ip <unfixed>
[trixie] - node-ip <no-dsa> (Minor issue)
[bookworm] - node-ip <not-affected> (Incomplete fix for CVE-2024-29415 not applied)
[bullseye] - node-ip <not-affected> (Incomplete fix for CVE-2024-29415 not applied)
- NOTE: https://github.com/indutny/node-ip/issues/160
+ NOTE: https://github.com/indutny/node-ip/issues/162
NOTE: CVE exists for an incomplete fix of CVE-2024-29415
CVE-2025-59332 (3DAlloy is a lightWeight 3D-viewer for MediaWiki. From 1.0 through 1.8 ...)
NOT-FOR-US: 3DAlloy
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/03b4268a70c896b65c977ea0b75a4f5d1c3ea1ea
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/03b4268a70c896b65c977ea0b75a4f5d1c3ea1ea
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251026/40fc4535/attachment.htm>
More information about the debian-security-tracker-commits
mailing list