Note that Net::CIDR::Lite now has an active maintainer (STIGTSP) and as of version 0.22 has been patched to address this flaw.
| [reply] |
If I'm reading it correctly, it only affects you if you've configured something using octal IP addresses, or you are trusting textual IP address from remote users. Is it really a security issue in that case?
| [reply] |
From my limited experience from security, everything that has a potential to behave differently than expected is considered a security issue. After the original node issue was published, I can imagine lots of people and robots trying entering dangerous IPs everywhere just to see what happens.
map{substr$_->[0],$_->[1]||0,1}[\*||{},3],[[]],[ref qr-1,-,-1],[{}],[sub{}^*ARGV,3]
| [reply] [d/l] |