CVE-2021-33318: Improper Input Validation

May 17, 2022 (updated May 25, 2022)

An Input Validation Vulnerability exists in Joel Christner .NET C# packages WatsonWebserver, IpMatcher 1.0.4.1 and below (IpMatcher) and 4.1.3 and below (WatsonWebserver) due to insufficient validation of input IP addresses and netmasks against the internal Matcher list of IP addresses and subnets.

References

github.com/advisories/GHSA-qj93-37f5-mr29
github.com/jchristn/IpMatcher
github.com/jchristn/IpMatcher/commit/81d77c2f33aa912dbd032b34b9e184fc6e041d89
github.com/jchristn/WatsonWebserver
github.com/kaoudis/advisories/blob/main/0-2021.md
nvd.nist.gov/vuln/detail/CVE-2021-33318

Code Behaviors & Features

Detect and mitigate CVE-2021-33318 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →