CVE-2018-13797 Vulnerability in npm package macaddress

Description

The macaddress module before 0.2.9 for Node.js is prone to an arbitrary command injection flaw, due to allowing unsanitized input to an exec (rather than execFile) call.

Remediation

References

https://github.com/scravy/node-macaddress/commit/358fd594adb196a86b94ac9c691f69fe5dad2332

https://github.com/scravy/node-macaddress/pull/20/

https://github.com/scravy/node-macaddress/releases/tag/0.2.9

https://news.ycombinator.com/item?id=17283394

Related Vulnerabilities

CVE-2023-40177 Vulnerability in maven package org.xwiki.platform:xwiki-platform-appwithinminutes-ui

CVE-2022-36076 Vulnerability in npm package nodebb

CVE-2023-27602 Vulnerability in maven package org.apache.linkis:linkis-dist

CVE-2022-24839 Vulnerability in maven package net.sourceforge.nekohtml:nekohtml

CVE-2023-24057 Vulnerability in maven package ca.uhn.hapi.fhir:org.hl7.fhir.r5

Severity

Critical

Classification

CWE-78 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H