Time of Check Time of Use (TOCTOU) Affecting private_address_check package, versions <0.5.0
Snyk CVSS
Attack Complexity
High
Threat Intelligence
EPSS
0.09% (36th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-RUBY-PRIVATEADDRESSCHECK-22028
- published 10 Jun 2018
- disclosed 4 May 2018
- credit Unknown
Introduced: 4 May 2018
CVE-2018-3759 Open this link in a new tabHow to fix?
Upgrade private_address_check
to version 0.5.0 or higher.
Overview
private_address_check
checks if a IP or hostname would cause a request to a private network (RFC 1918).
Affected versions of this package are vulnerable to Time of Check Time of Use (TOCTOU) attacks. The address that was used by the socket was not sufficiently checked.