Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1xajkzLTM3ZjUtbXIyOc4AAX6N
Improper Input Validation in IpMatcher
An Input Validation Vulnerability exists in Joel Christner .NET C# packages WatsonWebserver, IpMatcher 1.0.4.1 and below (IpMatcher) and 4.1.3 and below (WatsonWebserver) due to insufficient validation of input IP addresses and netmasks against the internal Matcher list of IP addresses and subnets.
Permalink: https://github.com/advisories/GHSA-qj93-37f5-mr29JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xajkzLTM3ZjUtbXIyOc4AAX6N
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: almost 2 years ago
Updated: 8 months ago
CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-qj93-37f5-mr29, CVE-2021-33318
References:
- https://nvd.nist.gov/vuln/detail/CVE-2021-33318
- https://github.com/jchristn/IpMatcher/commit/81d77c2f33aa912dbd032b34b9e184fc6e041d89
- https://github.com/jchristn/IpMatcher
- https://github.com/jchristn/WatsonWebserver
- https://github.com/kaoudis/advisories/blob/main/0-2021.md
- https://github.com/advisories/GHSA-qj93-37f5-mr29
Blast Radius: 1.0
Affected Packages
nuget:IpMatcher
Dependent packages: 0Dependent repositories: 0
Downloads: 279,719 total
Affected Version Ranges: <= 1.0.4.1
Fixed in: 1.0.4.2
All affected versions:
All unaffected versions: 1.0.0, 1.0.1, 1.0.3, 1.0.4