Lucene search
Veracode Vulnerability DatabaseVERACODE:6303HistoryMay 15, 2018 - 7:55 a.m.
Remote Code Execution (RCE)
2018-05-1507:55:51
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
0.003 Low
EPSS
Percentile
70.9%
macaddress is vulnerable to remote code execution (RCE) attacks. The vulnerability exists due to the lack of sanitization of the iface argument, allowing arbitrary shell commands to be injected and executed through it.
| CPE | Name | Operator | Version |
|---|---|---|---|
| macaddress | le | 0.2.8 |
References
github.com/scravy/node-macaddress/commit/358fd594adb196a86b94ac9c691f69fe5dad2332
github.com/scravy/node-macaddress/pull/20
github.com/scravy/node-macaddress/pull/20/
github.com/scravy/node-macaddress/releases/tag/0.2.9
hackerone.com/chalker
hackerone.com/reports/319467
news.ycombinator.com/item?id=17283394
Related
cve
cve
CVE-2018-13797
2022-10-03 16:22:20
osv
osv
Command Injection in macaddress
2018-09-06 23:24:21
CVE-2018-13797
2018-07-10 12:29:00
Command Injection in standard-version
2020-07-13 21:34:59
nvd
nvd
CVE-2018-13797
2018-07-10 12:29:00
redhatcve
redhatcve
CVE-2018-13797
2021-03-19 05:36:37
cvelist
cvelist
CVE-2018-13797
2022-10-03 16:22:20
debiancve
debiancve
CVE-2018-13797
2022-10-03 16:22:20
prion
prion
Command injection
2018-07-10 12:29:00
github
github
Command Injection in macaddress
2018-09-06 23:24:21
Command Injection in standard-version
2020-07-13 21:34:59
ubuntucve
ubuntucve
CVE-2018-13797
2018-07-10 00:00:00