Description
Improper input validation of octal strings in netmask npm package v1.0.6 and below allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many of the dependent packages. A remote unauthenticated attacker can bypass packages relying on netmask to filter IPs and reach critical VPN or LAN hosts.
Vulnerable configurations
Configuration 1: versions up to and including 1.0.6
cpe:2.3:a:netmask_project:netmask:*:*:*:*:*:node.js:*:*
EPSS: 0.85896 (percentile: 99%, High)
CVSS3: 9.1 Critical
CVSS2: 6.4 Medium
Weaknesses
CWE-704
Related vulnerabilities
CVSS3: 9.1
redhat
almost 5 years ago