• SirQuackTheDuck@lemmy.world
    link
    fedilink
    arrow-up
    11
    ·
    5 months ago

    Even worse, the CVE is effectively “if you use the package wrong, you get weird results”.

    The affected method has signature function isPrivate(ip: string): boolean. Passing in a hex number is not a string, and a method (toString) exists for this.