6 matches found
MiracleLinux 8 : python38:3.8 and python38-devel:3.8 (AXSA:2022-2898:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-2898:01 advisory. python-psutil: Double free because of refcount mishandling CVE-2019-18874 python-jinja2: ReDoS vulnerability in the urlize filter CVE-2020-28493...
CVE-2021-28918
A flaw was found in nodejs-netmask. Octal input data may lead to a server-side request forgery, remote file inclusion, local file inclusion, and other vulnerabilities. The highest threat from this vulnerability is to data integrity...
netmask npm package vulnerable to octal input data
Overview netmask npm package is vulnerable to octal input data. This may lead to server-side request forgery, remote file inclusion, local file inclusion, and other vulnerabilities. Recommendation Upgrade to version 2.0.1 or later. References - GitHub Advisory - Researcher report...
netmask npm package mishandles octal input data
The netmask package before 2.0.1 for Node.js mishandles certain unexpected characters in an IP address string, such as an octal digit of 9. This in some situations allows attackers to bypass access control that is based on IP addresses. NOTE: this issue exists because of an incomplete fix for...
GHSA-PCH5-WHG9-QR2R netmask npm package mishandles octal input data
The netmask package before 2.0.1 for Node.js mishandles certain unexpected characters in an IP address string, such as an octal digit of 9. This in some situations allows attackers to bypass access control that is based on IP addresses. NOTE: this issue exists because of an incomplete fix for...
PT-2021-17985 · Npm · Netmask
Name of the Vulnerable Software and Affected Versions: netmask npm package versions 1.0.6 and below netmask npm package versions 2.0.0 Description: The issue is related to improper input validation of octal strings in the netmask npm package, allowing unauthenticated remote attackers to perform...