netmask

npm2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting netmaskpage 1 of 1

CVE-2021-28918CRITICALCVSS 9.1EG 9.1✓ Fixed in 1.1.0
2021-04-01
Improper input validation of octal strings in netmask npm package v1.0.6 and below allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many of the dependent packages. A remote unauthenticated atta…
CVE-2021-29418MEDIUMCVSS 5.3EG 5.3✓ Fixed in 2.0.1
2021-03-30
The netmask package before 2.0.1 for Node.js mishandles certain unexpected characters in an IP address string, such as an octal digit of 9. This (in some situations) allows attackers to bypass access control that is based on IP addresses. …

Check whether netmask is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for netmask CVEs against the assets you own.

Start Free Scan →