CVE-2021-28918 Scanner
Detects the Server-Side Request Forgery (SSRF) vulnerability in the Netmask npm package, which affects v1.0.6 and below.
Short Info
Level: Critical
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 sec
Time Interval: 744 sec
Scan only one: Url
Toolbox: -
The Netmask Npm Package is a software utility used to handle and manipulate IP addresses and netmasks. It is commonly utilized for network programming and security-related tasks, such as filtering incoming IP traffic or identifying valid IP ranges. This package provides an interface for developers to parse, manipulate, and validate IP addresses, subnets, and CIDR notation.
Recently, a critical vulnerability identified as CVE-2021-28918 was found in the Netmask npm package. Because the package does not validate octal strings in IP addresses correctly, an IP address written with a leading-zero octet is parsed differently by netmask than by the operating system, which lets remote attackers bypass IP-based access checks and perform indeterminate Server-Side Request Forgery (SSRF), Remote File Inclusion (RFI), and Local File Inclusion (LFI) attacks. In practice, this means an attacker can bypass network security controls and reach critical VPN or LAN hosts.
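The parsing mismatch described above, as an added illustration that is not code from the netmask package or the s4e.io scanner: a naive base-10 parse (the vulnerable behaviour) is placed beside an inet_aton-style reading of the same octet and a strict canonical check that a defender can use to reject ambiguous notation before any allow/deny decision. The function names and the loopback check are this example's own; only four-part dotted addresses are handled.

```javascript
// Naive parse: each octet read with parseInt(..., 10), so "0177" becomes
// decimal 177. This mirrors the flaw behind CVE-2021-28918.
function naiveOctets(ip) {
  const parts = ip.split('.');
  if (parts.length !== 4) return null;
  const octets = parts.map(p => parseInt(p, 10));
  return octets.every(o => Number.isInteger(o) && o >= 0 && o <= 255) ? octets : null;
}

// inet_aton-style reading of one octet: leading 0 means octal, 0x means hex.
// Shown only to make the discrepancy with the naive parse visible.
function inetAtonOctet(p) {
  if (/^0[xX][0-9a-fA-F]+$/.test(p)) return parseInt(p.slice(2), 16);
  if (/^0[0-7]+$/.test(p)) return parseInt(p, 8);
  if (/^(0|[1-9][0-9]*)$/.test(p)) return parseInt(p, 10);
  return NaN;
}

function inetAtonOctets(ip) {
  const parts = ip.split('.');
  if (parts.length !== 4) return null;
  const octets = parts.map(inetAtonOctet);
  return octets.every(o => Number.isInteger(o) && o >= 0 && o <= 255) ? octets : null;
}

// Strict parse: only canonical dotted-decimal (no leading zeros, no hex).
// Both netmask and the OS agree on these strings, so access checks are unambiguous.
const CANONICAL_OCTET = /^(0|[1-9][0-9]?|1[0-9]{2}|2[0-4][0-9]|25[0-5])$/;
function strictOctets(ip) {
  const parts = ip.split('.');
  if (parts.length !== 4 || !parts.every(p => CANONICAL_OCTET.test(p))) return null;
  return parts.map(Number);
}

// Hypothetical policy check: is the address in 127.0.0.0/8?
function isLoopback(octets) {
  return octets !== null && octets[0] === 127;
}

// Defender-side classification: canonical strings are evaluated directly;
// anything else is flagged, with both interpretations reported for logging.
function classify(ip) {
  const strict = strictOctets(ip);
  if (strict) return { canonical: true, loopback: isLoopback(strict) };
  return {
    canonical: false,
    naiveLoopback: isLoopback(naiveOctets(ip)),
    osLoopback: isLoopback(inetAtonOctets(ip)),
  };
}
```

A non-canonical result should be rejected outright; the two loopback fields exist only so the log line shows why the string was refused.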
When exploited, this vulnerability can have critical impacts on an organization's network security, allowing attackers to conduct malicious activities such as stealing sensitive data, installing malware, or destabilizing the network infrastructure. These types of attacks can result in significant financial loss, reputational damage, and legal implications.
With the pro features of the s4e.io platform, you can quickly learn about vulnerabilities in your digital assets. The platform provides comprehensive vulnerability assessments, penetration testing, and proactive threat intelligence to help organizations protect their networks from emerging threats. So, stay one step ahead of cybercriminals and safeguard your network with the s4e.io platform.
REFERENCES
- https://github.com/advisories/GHSA-pch5-whg9-qr2r
- https://github.com/rs/node-netmask
- https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-011.md
- https://security.netapp.com/advisory/ntap-20210528-0010/
- https://www.bleepingcomputer.com/news/security/critical-netmask-networking-bug-impacts-thousands-of-applications/
- https://www.npmjs.com/package/netmask