An issue in all published versions of the NPM package ip allows an attacker to execute arbitrary code and obtain sensitive information via the isPublic() function. This can lead to potential Server-Side Request Forgery (SSRF) attacks. The core issue is the function's failure to accurately distinguish between public and private IP addresses.更多详情:
我是 NodeJs 和 Angular 的新手,我还没有期待任何东西。
请帮忙:)
如果您的应用程序(可能直接或间接使用
ip如果后端使用了
ipipipisPublic