Advisories for the npm/netmask package

2021

Improper Input Validation

Improper input validation of octal strings in netmask npm allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many of the dependent packages. A remote unauthenticated attacker can bypass packages relying on netmask to filter IPs and reach critical VPN or LAN hosts.

Improper Input Validation

The netmask package for Node.js mishandles certain unexpected characters in an IP address string, such as an octal digit of This (in some situations) allows attackers to bypass access control that is based on IP addresses.