CVE-2018-13797 Vulnerability in npm package macaddress

Description

The macaddress module before 0.2.9 for Node.js is prone to an arbitrary command injection flaw, due to allowing unsanitized input to an exec (rather than execFile) call.

Remediation

References

https://news.ycombinator.com/item?id=17283394

https://github.com/scravy/node-macaddress/releases/tag/0.2.9

https://github.com/scravy/node-macaddress/pull/20/

https://github.com/scravy/node-macaddress/commit/358fd594adb196a86b94ac9c691f69fe5dad2332

Related Vulnerabilities

CVE-2022-22138 Vulnerability in npm package fast-string-search

CVE-2021-34081 Vulnerability in npm package gitsome

CVE-2023-46998 Vulnerability in maven package org.webjars.npm:bootbox

CVE-2022-24279 Vulnerability in npm package madlib-object-utils

CVE-2017-12615 Vulnerability in maven package org.apache.tomcat:tomcat-catalina

Severity

Critical

Classification

CWE-78 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H