What is CVE-2024-29415?

CVE-2024-29415 is a vulnerability in N/a. Published 2024-05-27.

Is CVE-2024-29415 known to be exploited?

8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2024-29415

The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issu…

EPSS: 0.843 (99.3th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

felipecruz91/node-ip-vex
Dgporte/ExerciciosDockerPB2025
Sharpforce/cybersecurity
lucasarasa/exec-docker-abr-2025
ARPSyndicate/cve-scores
tanjiti/sec_
webpod/ip
nomi-sec/PoC-in-GitHub

References

github.com/indutny/node-ip/pull/143
github.com/indutny/node-ip/pull/144
github.com/indutny/node-ip/issues/150

Frequently asked questions

What is CVE-2024-29415?: CVE-2024-29415 is a vulnerability in N/a. Published 2024-05-27.
Is CVE-2024-29415 known to be exploited?: 8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.