Description
The macaddress module before 0.2.9 for Node.js is prone to an arbitrary command injection flaw, due to allowing unsanitized input to an exec (rather than execFile) call.
Remediation
References
https://github.com/scravy/node-macaddress/commit/358fd594adb196a86b94ac9c691f69fe5dad2332
https://github.com/scravy/node-macaddress/pull/20/
https://github.com/scravy/node-macaddress/releases/tag/0.2.9
https://news.ycombinator.com/item?id=17283394
Related Vulnerabilities
CVE-2017-18077 Vulnerability in maven package org.webjars.npm:brace-expansion
CVE-2021-33605 Vulnerability in maven package com.vaadin:vaadin-checkbox-flow
CVE-2021-23433 Vulnerability in npm package algoliasearch-helper
CVE-2023-46496 Vulnerability in npm package @evershop/evershop
CVE-2021-44585 Vulnerability in maven package org.jeecgframework.boot:jeecg-boot-base-core