Improper input validation of octal strings in netmask npm package v1.0.6 and below allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many of the dependent packages. A remote unauthenticated attacker can bypass packages relying on netmask to filter IPs and reach critical VPN or LAN hosts.
History

Sun, 08 Sep 2024 18:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:acm:2.2::el7

Mon, 19 Aug 2024 22:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:acm:2.2::el7
cpe:/a:redhat:acm:2.2::el8

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-04-01T12:33:50

Updated: 2024-08-03T21:55:11.828Z

Reserved: 2021-03-19T00:00:00

Link: CVE-2021-28918

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-04-01T13:15:14.460

Modified: 2024-11-21T06:00:23.850

Link: CVE-2021-28918

cve-icon Redhat

Severity : Important

Publid Date: 2021-03-29T00:00:00Z

Links: CVE-2021-28918 - Bugzilla