CVE-2021-33318 – ipmatcher

Package

Manager: nuget
Name: ipmatcher
Vulnerable Version: >=0 <1.0.4.2

Severity

Level: Critical

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00705 pctl0.71228

Details

Improper Input Validation in IpMatcher An Input Validation Vulnerability exists in Joel Christner .NET C# packages WatsonWebserver, IpMatcher 1.0.4.1 and below (IpMatcher) and 4.1.3 and below (WatsonWebserver) due to insufficient validation of input IP addresses and netmasks against the internal Matcher list of IP addresses and subnets.

Metadata

Created: 2022-05-17T00:00:35Z
Modified: 2022-05-26T21:21:26Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-qj93-37f5-mr29/GHSA-qj93-37f5-mr29.json
CWE IDs: ["CWE-20", "CWE-704"]
Alternative ID: GHSA-qj93-37f5-mr29
Finding: F184
Auto approve: 1