4 matches found
iobroker.yahka (>=0.5.4 <=0.7.1) potentially affected by CVE-2018-13797 via macaddress (=0.2.8)
macaddress NPM version =0.2.8 is affected by a known vulnerability. The following packages have a transitive dependency on macaddress and may be impacted: - iobroker.yahka =0.5.4, =0.7.1 Source cves: CVE-2018-13797 Source advisory: OSV:GHSA-PP57-MQMH-44H7...
CVE-2018-13797
The macaddress module before 0.2.9 for Node.js is prone to an arbitrary command injection flaw, due to allowing unsanitized input to an exec rather than execFile call...
CVE-2018-13797
CVE-2018-13797 (nodejs-macaddress) affects the macaddress module for Node.js prior to 0.2.9. The root cause is unsanitized input passed to an exec call (not execFile), enabling arbitrary command injection. This could lead to remote command execution, impacting confidentiality, integrity, and avai...
CVE-2018-13797
The macaddress module before 0.2.9 for Node.js is prone to an arbitrary command injection flaw, due to allowing unsanitized input to an exec rather than execFile call...