9.1
CVE-2021-28918
- EPSS 85.9%
- Published 01.04.2021 13:15:14
- Last modified 21.11.2024 06:00:23
- Source cve@mitre.org
Improper input validation of octal strings in netmask npm package v1.0.6 and below allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many of the dependent packages. A remote unauthenticated attacker can bypass packages relying on netmask to filter IPs and reach critical VPN or LAN hosts.
Data is provided by the National Vulnerability Database (NVD)
Netmask Project ≫ Netmask (SwPlatform: node.js) Version <= 1.0.6
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 85.9% | 0.993 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.1 | 3.9 | 5.2 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
| nvd@nist.gov | 6.4 | 10 | 4.9 | AV:N/AC:L/Au:N/C:P/I:P/A:N |
CWE-704 Incorrect Type Conversion or Cast
The product does not correctly convert an object, resource, or structure from one type to a different type.