{"vulnerability": "CVE-2021-28918", "sightings": [{"uuid": "af100b56-0f7c-4312-aa57-8ebb0ff44273", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-28918", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-28918.yaml", "content": "", "creation_timestamp": "2023-04-27T09:58:59.000000Z"}, {"uuid": "486c02ba-dd6e-4fa4-8075-339233394002", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-28918", "type": "seen", "source": "MISP/256dd7af-3b95-452d-b946-c2e03a60eb97", "content": "", "creation_timestamp": "2024-11-14T06:08:27.000000Z"}, {"uuid": "f8db12ab-117f-4b33-b019-2758e5dafd23", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-28918", "type": "seen", "source": "https://t.me/BleepingComputer/9426", "content": "Critical netmask networking bug impacts thousands of applications\n\nPopular npm component netmask\u00a0has a critical networking vulnerability, CVE-2021-28918. netmask\u00a0is frequently used by hundreds of thousands of applications to parse IPv4 addresses and CIDR blocks or compare them. The component gets over 3 million weekly downloads, and as of today, has scored over 238 million total downloads. 
[...]\n\nhttps://www.bleepingcomputer.com/news/security/critical-netmask-networking-bug-impacts-thousands-of-applications/", "creation_timestamp": "2021-03-28T20:39:57.000000Z"}, {"uuid": "d98da965-83d4-4c5d-a213-6d4a7d8e1f44", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-28918", "type": "published-proof-of-concept", "source": "https://t.me/BABATATASASA/5882", "content": "Universal \"netmask\" npm package, used by 270,000+ projects, vulnerable to octal input data: server-side request forgery, remote file inclusion, local file inclusion, and more (CVE-2021-28918) - Sick Codes - Security Research, Hardware & Software Hacking, Consulting, Linux, IoT, Cloud, Embedded, Arch, Tweaks & Tips!\nhttps://sick.codes/universal-netmask-npm-package-used-by-270000-projects-vulnerable-to-octal-input-data-server-side-request-forgery-remote-file-inclusion-local-file-inclusion-and-more-cve-2021-28918/", "creation_timestamp": "2023-10-29T07:09:02.000000Z"}, {"uuid": "c15745d6-5af2-4aae-ac49-9993173cf62d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-28918", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/3014", "content": "CVE-2021-28918:\nServer-Side Request Forgery (SSRF)\nin Netmask package for npm <=1.1.0 (PoC)\nhttps://github.com/sickcodes/security/blob/master/advisories/SICK-2021-011.md", "creation_timestamp": "2021-03-30T11:01:07.000000Z"}, {"uuid": "a5936e2c-b2d3-42dc-acce-674577fc32d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-28918", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/3057", "content": "#Analytics\n10 most exploited vulnerabilities of the week (March 29 - April 
4)\nCVE-2021-26855 - ProxyLogon MS Exchange Server RCE\nhttps://t.me/cybersecuritytechnologies/2835\nCVE-2021-3449/3450 - OpenSSL DoS/certificate validation\nhttps://t.me/cybersecuritytechnologies/2993\nhttps://thehackernews.com/2021/03/openssl-releases-patches-for-2-high.html\nCVE-2021-21975/CVE-2021-21983 - SSRF in VMWare vRealize Operations Manager API\nhttps://t.me/cybersecuritytechnologies/3039\nCVE-2019-8761 - macOS bug that lets attackers execute HTML within a TXT file\nhttps://www.paulosyibelo.com/2021/04/this-man-thought-opening-txt-file-is.html\nCVE-2021-26411 - IE mshtml UAF\nhttps://t.me/cybersecuritytechnologies/2908\nCVE-2021-28918 - SSRF in Netmask package\nhttps://t.me/cybersecuritytechnologies/3014\nCVE-2020-25078 - D-Link psw disclosure\nhttps://t.me/cybersecuritytechnologies/3055\nCVE-2021-1656 - Windows tpm.sys Device Driver Information Disclosure\nhttps://t.me/cybersecuritytechnologies/3028", "creation_timestamp": "2022-06-01T02:32:51.000000Z"}]}