Description
The macaddress module before 0.2.9 for Node.js is prone to an arbitrary command injection flaw, due to allowing unsanitized input to an exec (rather than execFile) call.
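The difference between the two calls, shown as an added example that is not code from node-macaddress. The function names, the interface-name pattern and the input string are constructed for illustration; the current Node binary stands in for the system tool, and the exec variant assumes a POSIX shell.

```javascript
const { execSync, execFileSync } = require('node:child_process');

// Stand-in for a tool such as ifconfig: the current Node binary, printing the
// arguments it received as a JSON array.
const PRINT_ARGV = 'process.stdout.write(JSON.stringify(process.argv.slice(1)))';

// Pattern the advisory describes: the value is spliced into a string that a
// shell parses, so shell metacharacters inside it are interpreted.
function viaExec(iface) {
  const cmd = `"${process.execPath}" -e "${PRINT_ARGV}" ${iface}`;
  return execSync(cmd, { encoding: 'utf8' });
}

// execFile-style call: no shell is involved, and the value reaches the
// program as exactly one argv element, whatever characters it contains.
function viaExecFile(iface) {
  return execFileSync(process.execPath, ['-e', PRINT_ARGV, iface], { encoding: 'utf8' });
}

// execFile does not stop a value such as "-a" from being read as an option by
// the target program, so the shape of the name is allowlisted as well.
// The pattern is an assumption about what an interface name may look like.
const IFACE_RE = /^[A-Za-z0-9][A-Za-z0-9_.:-]{0,31}$/;

function safeLookup(iface) {
  if (typeof iface !== 'string' || !IFACE_RE.test(iface)) {
    throw new TypeError('invalid interface name');
  }
  return JSON.parse(viaExecFile(iface));
}

// Constructed input: harmless, but it contains a shell command separator.
const CONSTRUCTED_INPUT = 'eth0; echo INJECTED';
```

With the constructed input, `viaExec` returns the tool's output followed by the output of a second command the shell ran, `viaExecFile` returns the whole string as a single argument, and `safeLookup` rejects it before any process is started.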
Remediation
References
https://github.com/scravy/node-macaddress/commit/358fd594adb196a86b94ac9c691f69fe5dad2332
https://github.com/scravy/node-macaddress/pull/20/
https://github.com/scravy/node-macaddress/releases/tag/0.2.9
https://news.ycombinator.com/item?id=17283394