
SSRF vulnerability in NPM package impacts up to 279k projects

manish srivastava
Director & CEO, GDP CHURN (P) Ltd. Loves coding. Supports open source by funding.

A potentially “catastrophic” security vulnerability in Netmask, an NPM package used by more than 279,000 open source projects, has been patched after lying undiscovered for nine years.

The improper input validation flaw could allow remote, unauthenticated attackers to achieve server-side request forgery (SSRF) in downstream applications.

Read more (published here):
https://portswigger.net/daily-swig/ssrf-vulnerability-in-npm-package-netmask-impacts-up-to-279k-projects
