The netmask package before 2.0.1 for Node.js mishandles certain unexpected characters in an IP address string, such as an octal digit of 9. This (in some situations) allows attackers to bypass access control that is based on IP addresses. NOTE: this issue exists because of an incomplete fix for CVE-2021-28918.
History

Sun, 08 Sep 2024 18:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:acm:2.2::el7

Mon, 19 Aug 2024 22:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:acm:2.2::el7
cpe:/a:redhat:acm:2.2::el8

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-03-30T06:08:00

Updated: 2024-08-03T22:02:51.874Z

Reserved: 2021-03-29T00:00:00

Link: CVE-2021-29418

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-03-30T07:15:13.113

Modified: 2024-11-21T06:01:03.680

Link: CVE-2021-29418

cve-icon Redhat

Severity : Moderate

Publid Date: 2021-03-29T00:00:00Z

Links: CVE-2021-29418 - Bugzilla