CVE-2021-28918

Improper input validation of octal strings in netmask npm package v1.0.6 and below allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many of the dependent packages. A remote unauthenticated attacker can bypass packages relying on netmask to filter IPs and reach critical VPN or LAN hosts.

Source: CVE-2021-28918
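The parsing mismatch behind this class of bug, as an added example (not code from the netmask package or from the advisory): the same dotted string is read once as decimal and once with a leading zero meaning octal, next to a strict reading that rejects leading zeros. It assumes the filter side drops leading zeros while the connecting side follows the inet_aton octal convention. All function names and sample inputs are constructed for illustration.

```javascript
// Added example: not code from the netmask package.
// Assumption: the filter reads a leading-zero octet as decimal, while the
// connecting side reads it as octal (inet_aton convention).

function toOctets(ip, readOctet) {
  const parts = String(ip).split('.');
  if (parts.length !== 4) return null;
  const octets = parts.map(readOctet);
  return octets.every((o) => Number.isInteger(o) && o >= 0 && o <= 255) ? octets : null;
}

// Filter-side reading: base 10 always, leading zeros dropped.
const readDecimal = (p) => (/^\d+$/.test(p) ? parseInt(p, 10) : NaN);

// Resolver-side reading: a leading "0" selects octal, otherwise decimal.
const readOctalAware = (p) => {
  if (/^0[0-7]+$/.test(p)) return parseInt(p, 8);
  return /^(0|[1-9]\d*)$/.test(p) ? parseInt(p, 10) : NaN;
};

// Hardened reading: canonical decimal only; any leading zero is rejected.
const readStrict = (p) => (/^(0|[1-9]\d{0,2})$/.test(p) ? parseInt(p, 10) : NaN);

const isLoopback = (octets) => octets !== null && octets[0] === 127;

// Report how one input string is seen under each reading.
function audit(ip) {
  const filterView = toOctets(ip, readDecimal);
  const resolverView = toOctets(ip, readOctalAware);
  const strictView = toOctets(ip, readStrict);
  return {
    filterSees: filterView && filterView.join('.'),
    resolverSees: resolverView && resolverView.join('.'),
    filterBlocksLoopback: isLoopback(filterView),
    resolverHitsLoopback: isLoopback(resolverView),
    strictAccepts: strictView !== null,
  };
}

// Constructed sample inputs.
for (const ip of ['127.0.0.1', '0177.0.0.1', '010.8.8.8', '8.8.8.8']) {
  console.log(ip, audit(ip));
}
```

Any input where `filterSees` and `resolverSees` differ is one an allow/deny list can misjudge; rejecting it outright, as the strict reading does, removes the ambiguity.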