Количество 2
Количество 2
CVE-2018-21268
The traceroute (aka node-traceroute) package through 1.0.0 for Node.js allows remote command injection via the host parameter. This occurs because the Child.exec() method, which is considered to be not entirely safe, is used. In particular, an OS command can be placed after a newline character.
GHSA-8j9v-qhp4-wv55
Node-Traceroute RCE Vulnerability
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2018-21268 The traceroute (aka node-traceroute) package through 1.0.0 for Node.js allows remote command injection via the host parameter. This occurs because the Child.exec() method, which is considered to be not entirely safe, is used. In particular, an OS command can be placed after a newline character. | CVSS3: 10 | 7% Низкий | больше 5 лет назад |
| GHSA-8j9v-qhp4-wv55 Node-Traceroute RCE Vulnerability | CVSS3: 9.8 | 7% Низкий | больше 3 лет назад |
Уязвимостей на страницу