Skip to main content

Netmask

2 CVEs product

Monthly

CVE-2021-28918 npm CRITICAL POC PATCH THREAT Act Now

Improper input validation of octal strings in netmask npm package v1.0.6 and below allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many of the dependent. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js SSRF Netmask
NVD GitHub
CVSS 3.1
9.1
EPSS
16.4%
CVE-2021-29418 npm MEDIUM PATCH This Month

The netmask package before 2.0.1 for Node.js mishandles certain unexpected characters in an IP address string, such as an octal digit of 9. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js Authentication Bypass Netmask
NVD GitHub
CVSS 3.1
5.3
EPSS
1.7%
EPSS 16% CVSS 9.1
CRITICAL POC PATCH THREAT Act Now

Improper input validation of octal strings in netmask npm package v1.0.6 and below allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many of the dependent. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js SSRF Netmask
NVD GitHub
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

The netmask package before 2.0.1 for Node.js mishandles certain unexpected characters in an IP address string, such as an octal digit of 9. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js Authentication Bypass Netmask
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy