CVE-2021-28918
Published: 01 April 2021
Summary
CVE-2021-28918 is a critical-severity Incorrect Type Conversion or Cast (CWE-704) vulnerability in Netmask Project Netmask. Its CVSS base score is 9.1 (Critical).
Operationally, it is ranked in the top 0.6% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-0754
Vulnerability details
Improper input validation of octal strings in netmask npm package v1.0.6 and below allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many of the dependent packages. A remote unauthenticated attacker can bypass packages relying on netmask to filter IPs and reach critical VPN or LAN hosts.
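Added example, not part of this record or of the netmask project's code: a fail-closed IPv4 destination filter that refuses any octet with a leading zero, since a filter that reads such an octet as decimal and a resolver that reads it as octal (the inet_aton convention) will disagree about which host is meant. The function names and the BLOCKED range list are assumptions made for illustration.

```javascript
// Internal ranges the filter must never let through (constructed policy).
const BLOCKED = [
  ['10.0.0.0', 8], ['127.0.0.0', 8], ['169.254.0.0', 16],
  ['172.16.0.0', 12], ['192.168.0.0', 16],
];

// Strict dotted-quad parser: four decimal octets, no leading zeros, no hex,
// no signs or whitespace. Returns an unsigned 32-bit number, or null.
function parseStrictIPv4(input) {
  if (typeof input !== 'string') return null;
  const parts = input.split('.');
  if (parts.length !== 4) return null;
  let value = 0;
  for (const part of parts) {
    // "0" passes; "010", "0x1f", "" and " 1" do not.
    if (!/^(0|[1-9][0-9]{0,2})$/.test(part)) return null;
    const octet = Number(part);
    if (octet > 255) return null;
    value = value * 256 + octet;
  }
  return value;
}

// Both readings of a digit-only octet: plain decimal versus the inet_aton
// convention in which a leading "0" marks octal. Useful when logging why an
// input was refused.
function octetReadings(part) {
  const decimal = parseInt(part, 10);
  const octal = /^0[0-7]+$/.test(part) ? parseInt(part, 8) : decimal;
  return { decimal, octal, ambiguous: decimal !== octal };
}

// True when addr (a number from parseStrictIPv4) lies inside base/bits.
function inCidr(addr, [base, bits]) {
  const start = parseStrictIPv4(base);
  return addr >= start && addr < start + 2 ** (32 - bits);
}

// Fail closed: anything the strict parser rejects is refused outright,
// so an ambiguous spelling never reaches the range comparison.
function isAllowedDestination(input) {
  const addr = parseStrictIPv4(input);
  if (addr === null) return false;
  return !BLOCKED.some((range) => inCidr(addr, range));
}
```

The same strict parse should be applied to the address that is actually connected to, not only to the string the filter inspected.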
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.