How severe is CVE-2024-28607?

This vulnerability has a severity rating of LOW with a CVSS score of 2.9 out of 10.

What type of vulnerability is CVE-2024-28607?

This is classified as CWE-180, which is a common weakness in software security.

CVE-2024-28607

LOW Year: 2024

CVSS v3 Score

2.9

Low

Weakness Type

CWE-180

View all →

Vulnerability Description

The ip-utils package through 2.4.0 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via a falsy isPrivate return value.

CVE-2022-26136

CRITICAL

CVSS:9.8(Critical)

A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by e...

CWE-1802022

CVE-2022-26137

HIGH

CVSS:8.8(High)

A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassi...

CWE-1802022

CVE-2025-43716

MEDIUM

CVSS:5.8(Medium)

A directory traversal vulnerability exists in Ivanti LANDesk Management Gateway through 4.2-1.9. By appending %3F.php to the URI of the /client/index.php endpoint, an attacker can bypass access contro...

CWE-1802025

CVE-2024-28607

Vulnerability Description

Related Vulnerabilities

CVE-2022-26136

CVE-2022-26137

CVE-2025-43716