GHSA-rjvj-673q-4hfw

Опубликовано: 04 сент. 2020

Источник: github

Github: Прошло ревью

Описание

Command Injection in traceroute

All versions of traceroute are vulnerable to Command Injection. The package fails to sanitize input and passes it directly to an exec call, which may allow attackers to execute arbitrary code in the system. The trace function is vulnerable and can be abused if the host value is controlled by an attacker.

Recommendation

No fix is currently available. Consider using an alternative package until a fix is made available.

Ссылки

https://snyk.io/vuln/npm:traceroute:20160311
https://www.npmjs.com/advisories/1465

Пакеты

Наименование

traceroute

npm

Затронутые версииВерсия исправления

>= 0.0.0

Отсутствует

Дефекты

CWE-77

Дефекты

CWE-77