Description
The macaddress module before 0.2.9 for Node.js is prone to an arbitrary command injection flaw, due to allowing unsanitized input to an exec (rather than execFile) call.
A flaw was found in nodejs-macaddress. The module allows unsanitized input to an exec call which can lead to an arbitrary command injection flaw. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Report
Red Hat Quay uses the macaddress module, but only as a development dependency, not at runtime, reducing the impact on that product to low.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/console-ui-rhel8 | Not affected | | |
| Red Hat Quay 3 | quay/quay-rhel8 | Fix deferred | | |
Additional information
Status:
EPSS
CVSS3: 9.8 Critical