Description
The macaddress module before 0.2.9 for Node.js is vulnerable to arbitrary command injection because it passes unsanitized input to an exec call rather than an execFile call.
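The difference between the two call styles, as an added example that is not code from the macaddress project: the synchronous variants `execSync` and `execFileSync` are used so the results can be compared inline, and `echo` stands in for the system command a module like this would run. The function names, the sample input and the allow-list pattern are assumptions, and a POSIX system is assumed.

```javascript
const { execSync, execFileSync } = require('node:child_process');

// Constructed input: an interface name carrying a shell metacharacter.
const hostileIface = 'eth0; echo INJECTED';

// Flawed pattern: the name is concatenated into a string that /bin/sh parses,
// so the ';' ends the intended command and starts a second one.
function lookupViaShell(iface) {
  return execSync('echo querying ' + iface, { encoding: 'utf8' }).trim();
}

// Hardened pattern: no shell is involved; the name is a single argv element
// and any metacharacters in it are plain data.
function lookupViaArgv(iface) {
  return execFileSync('echo', ['querying', iface], { encoding: 'utf8' }).trim();
}

// Defense in depth: an assumed allow-list for interface names. The first
// character must be alphanumeric so the value cannot be read as an option.
const IFACE_RE = /^[A-Za-z0-9][A-Za-z0-9_.:-]{0,31}$/;

function isValidIface(iface) {
  return typeof iface === 'string' && IFACE_RE.test(iface);
}

// Validate first, then call without a shell.
function safeLookup(iface) {
  if (!isValidIface(iface)) {
    throw new TypeError('invalid interface name');
  }
  return lookupViaArgv(iface);
}

// Shell form: the second command ran -> "querying eth0\nINJECTED"
console.log(JSON.stringify(lookupViaShell(hostileIface)));
// argv form: the whole string was one argument -> "querying eth0; echo INJECTED"
console.log(JSON.stringify(lookupViaArgv(hostileIface)));
```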
Remediation
References
https://github.com/scravy/node-macaddress/commit/358fd594adb196a86b94ac9c691f69fe5dad2332
https://github.com/scravy/node-macaddress/pull/20/
https://github.com/scravy/node-macaddress/releases/tag/0.2.9
https://news.ycombinator.com/item?id=17283394
Related Vulnerabilities
CVE-2020-10758 Vulnerability in maven package org.keycloak:keycloak-wildfly-server-subsystem
CVE-2021-23372 Vulnerability in npm package mongo-express
CVE-2020-27665 Vulnerability in npm package strapi-plugin-content-type-builder
CVE-2021-22204 Vulnerability in npm package exiftool-vendored
CVE-2021-31812 Vulnerability in maven package org.apache.pdfbox:pdfbox