Vulnerability Details : CVE-2021-47156
The Net::IPAddress::Util module before 5.000 for Perl does not properly consider extraneous zero characters in an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.
Products affected by CVE-2021-47156
Please log in to view affected product information.
Exploit prediction scoring system (EPSS) score for CVE-2021-47156
0.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 15 %
Percentile, the proportion of vulnerabilities that are scored at or less
References for CVE-2021-47156
-
https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/
Security Issues in Perl IP Address distros - House Absolute(ly) Pointless
-
https://metacpan.org/release/Net-IPAddress-Util
Net-IPAddress-Util-5.001 - Version-agnostic representation of an IP address - metacpan.org
-
https://metacpan.org/release/PWBENNETT/Net-IPAddress-Util-5.000/changes
Changes - metacpan.org
Jump to