MEDIUM
GHSA-xw57-23p8-9wc5
@asymmetric-effort/specifyjs: Localhost bypass incomplete (IPv6, 0.0.0.0, 127.x range)
Details
## Finding
**Location**: `core/src/shared/secure-fetch.ts:52-54`
The localhost exception allowed `localhost` and `127.0.0.1` but did not cover `0.0.0.0`, `[::1]` (IPv6 localhost), or the full `127.0.0.0/8` loopback range.
## Status
**Fixed in v0.2.136** — Localhost detection now covers `localhost`, `127.0.0.1`, `[::1]`, `0.0.0.0`, and the full `127.x.x.x` range.
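
The check described above can be sketched as follows. This is an added example, not the code from `secure-fetch.ts` or from the fix commits; `isLoopbackHost`, `isLoopbackUrl` and the sample URLs are assumptions made for illustration.

```typescript
// Added example; isLoopbackHost and isLoopbackUrl are hypothetical names,
// not functions from @asymmetric-effort/specifyjs.

const DOTTED_QUAD = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/;

// True for the host forms the advisory lists: localhost, [::1], 0.0.0.0
// and any address in 127.0.0.0/8. Expects a hostname as produced by the
// WHATWG URL parser (lowercased, IPv6 in brackets and in compressed form).
function isLoopbackHost(hostname: string): boolean {
  const host = hostname.toLowerCase();
  if (host === "localhost" || host === "[::1]" || host === "0.0.0.0") {
    return true;
  }
  // Match the whole string as a dotted quad. A prefix test such as
  // startsWith("127.") would also accept "127.0.0.1.example.com".
  const m = DOTTED_QUAD.exec(host);
  if (m === null) return false;
  const octets = m.slice(1).map(Number);
  return octets.every((o) => o <= 255) && octets[0] === 127;
}

// Parse first, then classify, so alternate spellings of the same address
// (for example the uncompressed IPv6 form) are normalized before the check.
function isLoopbackUrl(raw: string): boolean {
  let hostname: string;
  try {
    hostname = new URL(raw).hostname;
  } catch {
    return false; // unparseable input is never treated as loopback
  }
  return isLoopbackHost(hostname);
}

// Constructed sample URLs, not taken from the project.
const SAMPLE_URLS: string[] = [
  "http://localhost:8080/api",
  "http://127.8.9.10:3000/",
  "http://[::1]:3000/",
  "http://[0:0:0:0:0:0:0:1]/",
  "http://0.0.0.0:5173/",
  "http://127.0.0.1.example.com/",
  "http://128.0.0.1/",
];

for (const u of SAMPLE_URLS) {
  console.log(isLoopbackUrl(u) ? "loopback" : "remote  ", u);
}
```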
Affected packages
npm / @asymmetric-effort/specifyjs
First affected version: 0
Fixed version: 0.2.136
Fix: `npm install @asymmetric-effort/specifyjs@0.2.136`
References
- https://github.com/asymmetric-effort/specifyjs/security/advisories/GHSA-xw57-23p8-9wc5 [WEB]
- https://github.com/asymmetric-effort/specifyjs/commit/25d1fb491d99479efdf501f5f75e0bb80c908f0a [WEB]
- https://github.com/asymmetric-effort/specifyjs/commit/293124c51bf797c0f5cdae32981110545850a893 [WEB]
- https://github.com/asymmetric-effort/specifyjs [PACKAGE]