GHSA-qj93-37f5-mr29

Source

https://github.com/advisories/GHSA-qj93-37f5-mr29

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-qj93-37f5-mr29/GHSA-qj93-37f5-mr29.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-qj93-37f5-mr29

Aliases

CVE-2021-33318

Published

2022-05-17T00:00:35Z

Modified

2024-02-16T08:15:03.400630Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Improper Input Validation in IpMatcher

Details

An Input Validation Vulnerability exists in Joel Christner .NET C# packages WatsonWebserver, IpMatcher 1.0.4.1 and below (IpMatcher) and 4.1.3 and below (WatsonWebserver) due to insufficient validation of input IP addresses and netmasks against the internal Matcher list of IP addresses and subnets.

Database specific

{
    "nvd_published_at": "2022-05-16T16:15:00Z",
    "cwe_ids": [
        "CWE-20",
        "CWE-704"
    ],
    "severity": "CRITICAL",
    "github_reviewed": true,
    "github_reviewed_at": "2022-05-25T19:26:55Z"
}

References

Affected packages

NuGet / IpMatcher

Package

Name: IpMatcher; View open source insights on deps.dev
Purl: pkg:nuget/IpMatcher

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.4.2

Affected versions

1.*

1.0.0

1.0.1

1.0.3

1.0.4

1.0.4.1

Database specific

{
    "last_known_affected_version_range": "<= 1.0.4.1"
}