• @SirQuackTheDuck
    link
    116 months ago

    Even worse, the CVE is effectively “if you use the package wrong, you get weird results”.

    The affected method has signature function isPrivate(ip: string): boolean. Passing in a hex number is not a string, and a method (toString) exists for this.