The vulnerability stemmed from incorrect definitions of private and global IP address ranges within the ipaddress module. This affected the is_private and is_global properties of IPv4Address, IPv6Address, IPv4Network, and IPv6Network classes. The provided patches show modifications to the logic of these properties and updates to the underlying lists (_private_networks and _private_networks_exceptions in _IPv4Constants and _IPv6Constants) used to determine address status. Therefore, these properties were the vulnerable functions, as they would return incorrect results prior to the patch. The patch evidence points to the changed logic in these methods or the constants they rely upon.
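A self-check for the interpreter you are running, as an added example that is not code from the patch or from the ipaddress module: it compares is_private and is_global against a reference built from a private list plus an exceptions list, and reports every disagreement. The range tables (transcribed here from the IANA IPv4 special-purpose registry), the function names and the sample addresses are assumptions made for illustration; IPv6 is left out.

```python
import ipaddress

# Assumption: IPv4 ranges transcribed from the IANA special-purpose address
# registry, arranged as a private list plus an exceptions list. This is a
# reference for comparison, not a copy of the module's internal tables.
PRIVATE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.0.0.0/24", "192.0.2.0/24", "192.168.0.0/16",
    "198.18.0.0/15", "198.51.100.0/24", "203.0.113.0/24", "240.0.0.0/4",
    "255.255.255.255/32")]
# Globally reachable carve-outs that sit inside a range listed above.
EXCEPTIONS = [ipaddress.ip_network(n) for n in ("192.0.0.9/32", "192.0.0.10/32")]
# Shared address space: treated as neither private nor global.
SHARED = ipaddress.ip_network("100.64.0.0/10")

def reference_is_private(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in n for n in PRIVATE) and not any(ip in n for n in EXCEPTIONS)

def reference_is_global(addr):
    ip = ipaddress.ip_address(addr)
    return ip not in SHARED and not reference_is_private(addr)

def stdlib_drift(samples):
    """List (address, property, stdlib value, reference value) disagreements."""
    drift = []
    for addr in samples:
        ip = ipaddress.ip_address(addr)
        for prop, want in (("is_private", reference_is_private(addr)),
                           ("is_global", reference_is_global(addr))):
            got = getattr(ip, prop)
            if got != want:
                drift.append((addr, prop, got, want))
    return drift

# Constructed sample addresses, chosen around the 192.0.0.0/24 carve-outs.
SAMPLES = ["10.1.2.3", "192.0.0.8", "192.0.0.9", "192.0.0.10",
           "192.0.0.100", "100.64.0.1", "8.8.8.8"]

if __name__ == "__main__":
    for row in stdlib_drift(SAMPLES):
        print("mismatch:", row)
```

An empty result means the installed ipaddress module agrees with the reference for every sample; each row otherwise names the address and the property that differ.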