Description
The macaddress module before 0.2.9 for Node.js is prone to an arbitrary command injection flaw, due to allowing unsanitized input to an exec (rather than execFile) call.
Remediation
References
https://news.ycombinator.com/item?id=17283394
https://github.com/scravy/node-macaddress/releases/tag/0.2.9
https://github.com/scravy/node-macaddress/pull/20/
https://github.com/scravy/node-macaddress/commit/358fd594adb196a86b94ac9c691f69fe5dad2332
Related Vulnerabilities
CVE-2020-16041 Vulnerability in npm package electron
CVE-2020-13947 Vulnerability in maven package org.apache.activemq:activemq-web-console
CVE-2023-22894 Vulnerability in npm package @strapi/strapi
CVE-2017-11467 Vulnerability in maven package com.orientechnologies:orientdb-core
CVE-2019-5427 Vulnerability in maven package com.mchange:c3p0