![](/static/0b35d4a1/assets/icons/icon-96x96.png)
![](https://lemmy.ml/pictrs/image/2QNz7bkA1V.png)
Even worse, the CVE is effectively “if you use the package wrong, you get weird results”.
The affected method has signature function isPrivate(ip: string): boolean
. Passing in a hex number is not a string, and a method (toString
) exists for this.
A year lasts longer