ip SSRF improper categorization in isPublic in Bootstrap 5.3.3 #40957

Meiroudii · 2024-10-18T14:06:26Z

Meiroudii
Oct 18, 2024

After I forked the repo, I npm install it then it showing some high severe vulnerability after the command npm audit

ip *
Severity: high
ip SSRF improper categorization in isPublic - GHSA-2p57-rm9w-gvfp
No fix available
node_modules/ip

1 high severity vulnerability

Some issues need review, and may require choosing
a different dependency.

Answered by julien-deramond

The ip package is only used for the Karma BrowserStack or debug unit tests, not in Bootstrap library itself. So nothing to worry about.

julien-deramond · 2024-10-18T14:45:40Z

The ip package is only used for the Karma BrowserStack or debug unit tests, not in Bootstrap library itself. So nothing to worry about.

0 replies