SSRF vulnerability: in NPM package impacts up to 279k projects

A potentially “catastrophic” security vulnerability in Netmask, an NPM package used by more than 279,000 open source projects, has been patched after lying undiscovered for nine years.

The improper input validation flaw could allow remote, unauthenticated attackers to achieve server-side request forgery (SSRF) in downstream applications.

Read more:(published here)
https://portswigger-net.cdn.ampproject.org/v/s/portswigger.net/daily-swig/amp/ssrf-vulnerability-in-npm-package-netmask-impacts-up-to-279k-projects?amp_js_v=a6&amp_gsa=1&usqp=mq331AQFKAGwASA%3D#aoh=16171276886939&csi=1&referrer=https%3A%2F%2Fwww.google.com&amp_tf=From%20%251%24s&ampshare=https%3A%2F%2Fportswigger.net%2Fdaily-swig%2Fssrf-vulnerability-in-npm-package-netmask-impacts-up-to-279k-projects