CVE-2018-13797

Опубликовано: 10 июл. 2018

Источник: debian

EPSS Средний

Описание

The macaddress module before 0.2.9 for Node.js is prone to an arbitrary command injection flaw, due to allowing unsanitized input to an exec (rather than execFile) call.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
node-macaddress	fixed	0.2.9-1		package

Примечания

https://github.com/scravy/node-macaddress/pull/20
nodejs not covered by security support

EPSS

Процентиль: 93%

0.11295

Средний

Связанные уязвимости

CVE-2018-13797

CVSS3: 9.8

ubuntu

больше 7 лет назад

The macaddress module before 0.2.9 for Node.js is prone to an arbitrary command injection flaw, due to allowing unsanitized input to an exec (rather than execFile) call.

CVE-2018-13797

CVSS3: 9.8

redhat

больше 7 лет назад

The macaddress module before 0.2.9 for Node.js is prone to an arbitrary command injection flaw, due to allowing unsanitized input to an exec (rather than execFile) call.

CVE-2018-13797

CVSS3: 9.8

nvd

больше 7 лет назад

The macaddress module before 0.2.9 for Node.js is prone to an arbitrary command injection flaw, due to allowing unsanitized input to an exec (rather than execFile) call.

GHSA-pp57-mqmh-44h7

CVSS3: 9.8

github

больше 7 лет назад

Command Injection in macaddress

EPSS

Процентиль: 93%

0.11295

Средний