macaddress is vulnerable to remote code execution (RCE) attacks. The vulnerability exists due to the lack of sanitization of the iface
argument, allowing arbitrary shell commands to be injected and executed through it.
CPE | Name | Operator | Version |
---|---|---|---|
macaddress | le | 0.2.8 |
github.com/scravy/node-macaddress/commit/358fd594adb196a86b94ac9c691f69fe5dad2332
github.com/scravy/node-macaddress/pull/20
github.com/scravy/node-macaddress/pull/20/
github.com/scravy/node-macaddress/releases/tag/0.2.9
hackerone.com/chalker
hackerone.com/reports/319467
news.ycombinator.com/item?id=17283394