Lucene search
GoogleOSV:GHSA-PP57-MQMH-44H7HistorySep 06, 2018 - 11:24 p.m.
Command Injection in macaddress
2018-09-0623:24:21
Google
osv.dev
4
0.003 Low
EPSS
Percentile
70.9%
All versions of macaddress are vulnerable to command injection. For this vulnerability to be exploited an attacker needs to control the iface argument to the one method.
Recommendation
Update to version 0.2.9 or later.
| CPE | Name | Operator | Version |
|---|---|---|---|
| macaddress | lt | 0.2.9 |
References
github.com/advisories/GHSA-pp57-mqmh-44h7
github.com/scravy/node-macaddress
github.com/scravy/node-macaddress/commit/358fd594adb196a86b94ac9c691f69fe5dad2332
github.com/scravy/node-macaddress/pull/20
github.com/scravy/node-macaddress/releases/tag/0.2.9
hackerone.com/reports/319467
news.ycombinator.com/item?id=17283394
nvd.nist.gov/vuln/detail/CVE-2018-13797
www.npmjs.com/advisories/654
Related
cve
cve
CVE-2018-13797
2022-10-03 16:22:20
nvd
nvd
CVE-2018-13797
2018-07-10 12:29:00
osv
osv
CVE-2018-13797
2018-07-10 12:29:00
Command Injection in standard-version
2020-07-13 21:34:59
redhatcve
redhatcve
CVE-2018-13797
2021-03-19 05:36:37
ubuntucve
ubuntucve
CVE-2018-13797
2018-07-10 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2018-05-15 07:55:51
cvelist
cvelist
CVE-2018-13797
2022-10-03 16:22:20
debiancve
debiancve
CVE-2018-13797
2022-10-03 16:22:20
github
github
Command Injection in macaddress
2018-09-06 23:24:21
Command Injection in standard-version
2020-07-13 21:34:59
prion
prion
Command injection
2018-07-10 12:29:00