Data-Validate-IP-0.28

Security Advisories (1)

CVE-2021-29662 (2021-03-31)

The Data::Validate::IP module through 0.29 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.

Changes for version 0.28 - 2021-03-29

Added docs about the security implications of using functions like is_private_ip4() without _also_ calling is_ipv4() first. This was inspired by a recent issue with the Node netmask package. See https://sick.codes/universal-netmask-npm-package-used-by-270000-projects-vulnerable-to-octal-input-data-server-side-request-forgery-remote-file-inclusion-local-file-inclusion-and-more-cve-2021-28918/ for a write up.

Documentation

CONTRIBUTING.md

README.md

Modules

Data::Validate::IP

IPv4 and IPv6 validation methods

Other files

To install Data::Validate::IP, copy and paste the appropriate command in to your terminal.

cpanm

cpanm Data::Validate::IP

CPAN shell

perl -MCPAN -e shell
install Data::Validate::IP

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	Go to GitHub issues (only if GitHub is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)

Changes for version 0.28 - 2021-03-29

Documentation

Modules

Other files

Module Install Instructions

Keyboard Shortcuts