Description
The macaddress module before 0.2.9 for Node.js is prone to an arbitrary command injection flaw, due to allowing unsanitized input to an exec (rather than execFile) call.
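The exec versus execFile difference named in the description, as an added example (not code from node-macaddress). A Node.js child process stands in for the system tool and reports the arguments it received; `queryWithExec`, `queryWithExecFile`, `isValidIface`, the allow-list pattern and the sample value are assumptions for illustration, and a POSIX shell is assumed.

```javascript
// Added illustration; not code from node-macaddress. Assumes a POSIX shell.
const { execSync, execFileSync } = require("child_process");

// Stand-in for a system tool such as ifconfig (assumption): a Node.js child
// that prints the arguments it received as JSON.
const TOOL = process.execPath;
const SCRIPT = "console.log(JSON.stringify(process.argv.slice(1)))";

// Unsafe pattern: exec-style call. The value is pasted into a command line
// that /bin/sh parses, so shell metacharacters in it are interpreted.
function queryWithExec(iface) {
  const cmd = `"${TOOL}" -e '${SCRIPT}' ` + iface;
  return execSync(cmd, { encoding: "utf8" }).trim().split("\n");
}

// Safer pattern: execFile-style call. No shell is involved; the value reaches
// the tool as exactly one argv entry, whatever characters it contains.
function queryWithExecFile(iface) {
  const out = execFileSync(TOOL, ["-e", SCRIPT, iface], { encoding: "utf8" });
  return JSON.parse(out);
}

// Defense in depth: execFile does not stop a value that starts with "-" from
// being read as an option, so allow-list the name first (pattern is assumed).
function isValidIface(iface) {
  return typeof iface === "string" &&
    /^[A-Za-z0-9][A-Za-z0-9._:-]{0,31}$/.test(iface);
}

// Constructed sample input: a benign marker instead of a real command.
const SAMPLE = "eth0; echo INJECTED";

function demo() {
  return {
    exec: queryWithExec(SAMPLE),         // two lines: tool output, then the shell's echo
    execFile: queryWithExecFile(SAMPLE), // one argument, passed through verbatim
    valid: isValidIface(SAMPLE),         // rejected before any process starts
  };
}

console.log(demo());
```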
Remediation
References
https://news.ycombinator.com/item?id=17283394
https://github.com/scravy/node-macaddress/releases/tag/0.2.9
https://github.com/scravy/node-macaddress/pull/20/
https://github.com/scravy/node-macaddress/commit/358fd594adb196a86b94ac9c691f69fe5dad2332