6 matches found
CVE-2018-21268
The traceroute aka node-traceroute package through 1.0.0 for Node.js allows remote command injection via the host parameter. This occurs because the Child.exec method, which is considered to be not entirely safe, is used. In particular, an OS command can be placed after a newline character...
@rebelware/fibonacci-generator (=0.0.3), @tgwf/greentrace-cli (>=0.0.1 <=0.2.0) +4 more potentially affected by CVE-2018-21268 via traceroute (>=0.0.3 <=1.0.0)
traceroute NPM version =0.0.3, =0.0.1, =0.0.1, =1.0.1, =1.0.2 - securiwiser-web-check =1.0.0 Source cves: CVE-2018-21268 Source advisory: OSV:GHSA-8J9V-QHP4-WV55...
CVE-2018-21268
| creationtimestamp | type | source |
|---|---|---|
| 2020-06-25 20:55:30+00:00 | seen | https://t.me/cibsecurity/13061 |
| 2020-07-01 11:55:36+00:00 | seen | https://t.me/cibsecurity/13165 |
| 2020-07-01 14:55:31+00:00 | seen | https://t.me/cibsecurity/13176 |

...
CVE-2018-21268
The traceroute aka node-traceroute package through 1.0.0 for Node.js allows remote command injection via the host parameter. This occurs because the Child.exec method, which is considered to be not entirely safe, is used. In particular, an OS command can be placed after a newline character...
CVE-2018-21268
The traceroute aka node-traceroute package through 1.0.0 for Node.js allows remote command injection via the host parameter. This occurs because the Child.exec method, which is considered to be not entirely safe, is used. In particular, an OS command can be placed after a newline character...
CVE-2018-21268
CVE-2018-21268 concerns the node-traceroute package (v1.0.0 and earlier) for Node.js, where remote command injection is possible via the host parameter due to Child.exec() being used, allowing an OS command after a newline. Multiple sources (NVD, Red Hat, GitHub advisories, osv.dev) describe this...