[GHSA-2p57-rm9w-gvfp] ip SSRF improper categorization in isPublic

advisories/github-reviewed/2024/06/GHSA-2p57-rm9w-gvfp/GHSA-2p57-rm9w-gvfp.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2p57-rm9w-gvfp",
-  "modified": "2025-01-17T21:31:38Z",
+  "modified": "2025-01-17T21:31:39Z",
   "published": "2024-06-02T22:29:29Z",
   "aliases": [
     "CVE-2024-29415"
@@ -10,14 +10,14 @@
   "details": "The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282.",
   "severity": [
     {
-      "type": "CVSS_V3",
-      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N"
     }
   ],
   "affected": [
     {
       "package": {
-        "ecosystem": "npm",
+        "ecosystem": "SwiftURL",
         "name": "ip"
       },
       "ranges": [
@@ -63,9 +63,12 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-918"
+      "CWE-5",
+      "CWE-6",
+      "CWE-7",
+      "CWE-9"
     ],
-    "severity": "HIGH",
+    "severity": "LOW",
     "github_reviewed": true,
     "github_reviewed_at": "2024-06-02T22:29:29Z",
     "nvd_published_at": "2024-05-27T20:15:08Z"