What is CVE-2021-28918?

CVE-2021-28918 is a vulnerability in N/a. Published 2021-04-01.

Is CVE-2021-28918 known to be exploited?

5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2021-28918

Improper input validation of octal strings in netmask npm package v1.0.6 and below allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many of the dependent packages. A remote unauthenticated atta…

EPSS: 0.859 (99.4th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

www.npmjs.com/package/netmask (x_refsource_MISC)
github.com/rs/node-netmask (x_refsource_MISC)
www.bleepingcomputer.com/news/security/critical-netmask-networking-bug-impacts-… (x_refsource_MISC)
github.com/advisories/GHSA-pch5-whg9-qr2r (x_refsource_MISC)
github.com/sickcodes/security/blob/master/advisories/SICK-2021-011.md (x_refsource_MISC)
security.netapp.com/advisory/ntap-20210528-0010/ (x_refsource_CONFIRM)
rootdaemon.com/2021/03/29/vulnerability-in-netmask-npm-package-affects-280000-p… (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-28918?: CVE-2021-28918 is a vulnerability in N/a. Published 2021-04-01.
Is CVE-2021-28918 known to be exploited?: 5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.