CVE-2021-29418: Improper Input Validation

March 30, 2021 (updated June 8, 2021)

The netmask package for Node.js mishandles certain unexpected characters in an IP address string, such as an octal digit of This (in some situations) allows attackers to bypass access control that is based on IP addresses.

References

nvd.nist.gov/vuln/detail/CVE-2021-29418

Code Behaviors & Features

Detect and mitigate CVE-2021-29418 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →