admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-29 05:56:17 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2021/CVE-2021-289xx/CVE-2021-28918.json
cad-safe-bot 9d8babeec3 Auto-Update: 2024-07-14T02:00:17.787041+00:00
2024-07-14 02:06:08 +00:00

152 lines
4.5 KiB
JSON
Raw Blame History

{
"id": "CVE-2021-28918",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-04-01T13:15:14.460",
"lastModified": "2023-08-08T14:22:24.967",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation of octal strings in netmask npm package v1.0.6 and below allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many of the dependent packages. A remote unauthenticated attacker can bypass packages relying on netmask to filter IPs and reach critical VPN or LAN hosts."
},
{
"lang": "es",
"value": "Una comprobaci\u00f3n inapropiada de entrada de cadenas octales en el paquete netmask npm versiones v1.0.6 y anteriores, permite a atacantes remotos no autenticados llevar a cabo ataques de tipo SSRF, RFI y LFI indeterminados en muchos de los paquetes dependientes. Un atacante remoto no autenticado puede omitir unos paquetes que dependen de la m\u00e1scara de red para filtrar las direcciones IP y llegar a hosts cr\u00edticos de VPN o LAN."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 6.4
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-704"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netmask_project:netmask:*:*:*:*:*:node.js:*:*",
"versionEndIncluding": "1.0.6",
"matchCriteriaId": "1EDCEBC9-A043-4B75-BF02-1CA22DFA4E10"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/advisories/GHSA-pch5-whg9-qr2r",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/rs/node-netmask",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-011.md",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://rootdaemon.com/2021/03/29/vulnerability-in-netmask-npm-package-affects-280000-projects/",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20210528-0010/",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.bleepingcomputer.com/news/security/critical-netmask-networking-bug-impacts-thousands-of-applications/",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Press/Media Coverage",
"Third Party Advisory"
]
},
{
"url": "https://www.npmjs.com/package/netmask",
"source": "cve@mitre.org",
"tags": [
"Product",
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink