Update CVE-2021-28918.yaml

Removed version as multiple references include multiple versions.
patch-1
sandeep 2021-07-06 12:45:50 +05:30
parent 7fb23a24b9
commit 59199ad35e
1 changed files with 3 additions and 2 deletions

@ -1,14 +1,15 @@
id: CVE-2021-28918
info:
name: Netmask NPM Package <=v1.0.6 SSRF
name: Netmask NPM Package SSRF
author: johnjhacking
severity: critical
description: Improper input validation of octal strings in netmask npm package v1.0.6 and below allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many of the dependent packages. A remote unauthenticated attacker can bypass packages relying on netmask to filter IPs and reach critical VPN or LAN hosts.
description: Improper input validation of octal strings in netmask npm package allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many of the dependent packages. A remote unauthenticated attacker can bypass packages relying on netmask to filter IPs and reach critical VPN or LAN hosts.
tags: cve,cve2021,npm,netmask,ssrf,lfi
reference: |
- https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-011.md
- https://nvd.nist.gov/vuln/detail/CVE-2021-28918
- https://github.com/advisories/GHSA-pch5-whg9-qr2r
requests:
- method: GET
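Review bot: in the `name` and `description` lines under `info:`, dropping "<=v1.0.6" and "v1.0.6 and below" leaves the template with no affected-version statement at all, so the description now reads as if every release of the netmask package is vulnerable. If the references give different ranges, as the commit message says, state that in the description and point to the `reference` entries for the affected range instead of removing the bound outright, so someone triaging a match can still tell whether an upgrade resolves it.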