The popular npm library netmask has a critical networking vulnerability. Netmask is used by hundreds of thousands of applications to parse IPv4 addresses and CIDR blocks or to compare them. The vulnerability concerns how netmask handles mixed-format IP addresses, specifically a decimal IPv4 address that contains a leading zero. The bug can give rise to various vulnerabilities, from anti-SSRF and blocklist bypasses to Remote File Inclusion. In tests by BleepingComputer, typing 0127 0/ in Chrome’s address bar causes the browser to treat it as an IP in octal format.
Source: https://www.bleepingcomputer.com/news/security/critical-netmask-networking-bug-impacts-thousands-of-applications/
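
The parsing disagreement described above, as an added example that is not netmask's own code: it contrasts a lenient decimal parse with an inet_aton-style octal parse and a strict validator that rejects leading zeros. The function names are hypothetical, the sample addresses are constructed, and the lenient parser is an assumed model of the flaw (leading zero dropped, octet read as decimal).

```javascript
// Added example; function names are hypothetical, inputs are constructed.
// ASSUMED model of the flawed parse: every octet is read as decimal,
// so the leading zero is silently dropped ("0127" -> 127).
function parseLenientDecimal(ip) {
  const parts = ip.split('.');
  if (parts.length !== 4) return null;
  const octets = parts.map((p) => (/^\d+$/.test(p) ? parseInt(p, 10) : NaN));
  return octets.every((o) => o >= 0 && o <= 255) ? octets : null;
}

// inet_aton-style parse (browsers, many network stacks): a leading "0"
// means octal and "0x" means hex ("0127" -> 87).
function parseInetAtonStyle(ip) {
  const parts = ip.split('.');
  if (parts.length !== 4) return null;
  const octets = parts.map((p) => {
    if (/^0x[0-9a-f]+$/i.test(p)) return parseInt(p, 16);
    if (/^0[0-7]+$/.test(p)) return parseInt(p, 8);
    if (/^(0|[1-9]\d*)$/.test(p)) return parseInt(p, 10);
    return NaN; // e.g. "08": leading zero but not valid octal
  });
  return octets.every((o) => o >= 0 && o <= 255) ? octets : null;
}

// Hardened parse: canonical dotted decimal only, no leading zeros.
function parseStrict(ip) {
  const parts = ip.split('.');
  if (parts.length !== 4) return null;
  if (!parts.every((p) => /^(0|[1-9]\d{0,2})$/.test(p))) return null;
  const octets = parts.map(Number);
  return octets.every((o) => o <= 255) ? octets : null;
}

// Report what a validator believes versus what the connecting stack uses.
function audit(ip) {
  const seen = parseLenientDecimal(ip);
  const used = parseInetAtonStyle(ip);
  return {
    input: ip,
    validatorSees: seen ? seen.join('.') : null,
    stackUses: used ? used.join('.') : null,
    disagree: String(seen) !== String(used),
    strictAccepts: parseStrict(ip) !== null,
  };
}

for (const ip of ['127.0.0.1', '0127.0.0.1', '10.0.0.08']) {
  console.log(audit(ip));
}
```

Any input where `disagree` is true is one where an allowlist or blocklist decision is made about a different address than the one actually contacted; rejecting such input outright, as `parseStrict` does, removes the ambiguity.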

