Описание
Command Injection in macaddress
All versions of macaddress are vulnerable to command injection. For this vulnerability to be exploited an attacker needs to control the iface argument to the one method.
Recommendation
Update to version 0.2.9 or later.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2018-13797
- https://github.com/scravy/node-macaddress/pull/20
- https://github.com/scravy/node-macaddress/commit/358fd594adb196a86b94ac9c691f69fe5dad2332
- https://hackerone.com/reports/319467
- https://github.com/advisories/GHSA-pp57-mqmh-44h7
- https://github.com/scravy/node-macaddress/releases/tag/0.2.9
- https://news.ycombinator.com/item?id=17283394
- https://www.npmjs.com/advisories/654
Пакеты
macaddress
< 0.2.9
0.2.9
Связанные уязвимости
The macaddress module before 0.2.9 for Node.js is prone to an arbitrary command injection flaw, due to allowing unsanitized input to an exec (rather than execFile) call.
The macaddress module before 0.2.9 for Node.js is prone to an arbitrary command injection flaw, due to allowing unsanitized input to an exec (rather than execFile) call.
The macaddress module before 0.2.9 for Node.js is prone to an arbitrary command injection flaw, due to allowing unsanitized input to an exec (rather than execFile) call.
The macaddress module before 0.2.9 for Node.js is prone to an arbitrar ...