@disclose_io Community Forum

Universal “netmask” npm package, used by 270,000+ projects, vulnerable to octal input data: server-side request forgery, remote file inclusion, local file inclusion, and more (CVE-2021-28918)

Write-ups and Disclosures

sickcodes March 29, 2021, 8:33am 1

Huge effort by the team!

1 Like

Topic		Replies	Views	Activity
Lookup.disclose.io is now live — beta testers wanted Write-ups and Disclosures	0	8	March 27, 2026
How I found a TOR vulnerability in Brave Browser, reported it, watched it get patched, got a CVE (CVE-2020-8276), and a small bounty all in one working day Write-ups and Disclosures	0	9490	November 9, 2020
Meet your fellow disclose.io community! Hacker Connect	44	4735	December 30, 2025
About the Write-ups and Disclosures category Write-ups and Disclosures	0	872	February 5, 2021
Response to Voatz’s Supreme Court Amicus Brief Press and Citations	0	1074	February 5, 2021