CVE-2021-28918: Improper Input Validation

April 1, 2021 (updated August 8, 2023)

Improper input validation of octal strings in netmask npm allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many of the dependent packages. A remote unauthenticated attacker can bypass packages relying on netmask to filter IPs and reach critical VPN or LAN hosts.

References

nvd.nist.gov/vuln/detail/CVE-2021-28918

Detect and mitigate CVE-2021-28918 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →