private_address_check
RubyGems: 3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting private_address_check (page 1 of 1)
- CVE-2017-0904 | HIGH | CVSS 8.1 | EG 8.1 | ✓ Fixed in 0.4.0 | 2017-11-13
vulnerable: 0.1.0, 0.2.0, 0.3.0
The private_address_check ruby gem before 0.4.0 is vulnerable to a bypass due to use of Ruby's Resolv.getaddresses method, which is OS-dependent and should not be relied upon for security measures, such as when used to blacklist private ne…
- CVE-2017-0909 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 0.4.1 | 2017-11-16
vulnerable: 0.1.0, 0.2.0, 0.3.0, 0.4.0
The private_address_check ruby gem before 0.4.1 is vulnerable to a bypass due to an incomplete blacklist of common private/local network addresses used to prevent server-side request forgery.
- CVE-2018-3759 | LOW | CVSS 3.7 | EG 3.7 | ✓ Fixed in 0.5.0 | 2018-06-13
vulnerable: 0.1.0, 0.2.0, 0.3.0, 0.4.0, 0.4.1
private_address_check ruby gem before 0.5.0 is vulnerable to a time-of-check time-of-use (TOCTOU) race condition due to the address the socket uses not being checked. DNS entries with a TTL of 0 can trigger this case where the initial reso…