All versions of macaddress
are vulnerable to command injection. For this vulnerability to be exploited an attacker needs to control the iface
argument to the one
method.
Update to version 0.2.9 or later.
CPE | Name | Operator | Version |
---|---|---|---|
macaddress | lt | 0.2.9 |
github.com/advisories/GHSA-pp57-mqmh-44h7
github.com/scravy/node-macaddress
github.com/scravy/node-macaddress/commit/358fd594adb196a86b94ac9c691f69fe5dad2332
github.com/scravy/node-macaddress/pull/20
github.com/scravy/node-macaddress/releases/tag/0.2.9
hackerone.com/reports/319467
news.ycombinator.com/item?id=17283394
nvd.nist.gov/vuln/detail/CVE-2018-13797
www.npmjs.com/advisories/654