Description
The macaddress module before 0.2.9 for Node.js is prone to an arbitrary command injection flaw, due to allowing unsanitized input to an exec (rather than execFile) call.
Remediation
References
https://github.com/scravy/node-macaddress/commit/358fd594adb196a86b94ac9c691f69fe5dad2332
https://github.com/scravy/node-macaddress/pull/20/
https://github.com/scravy/node-macaddress/releases/tag/0.2.9
https://news.ycombinator.com/item?id=17283394
Related Vulnerabilities
CVE-2022-23541 Vulnerability in maven package org.webjars.npm:jsonwebtoken
CVE-2021-27290 Vulnerability in maven package org.webjars.npm:ssri
CVE-2020-14060 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind
CVE-2023-3224 Vulnerability in npm package nuxt
CVE-2020-28481 Vulnerability in maven package org.webjars.bower:socket.io