CVE-2018-13797

critical

Description

The macaddress module before 0.2.9 for Node.js is prone to an arbitrary command injection flaw, due to allowing unsanitized input to an exec (rather than execFile) call.

References

Advisories
More

https://github.com/scravy/node-macaddress/releases/tag/0.2.9

https://github.com/scravy/node-macaddress/pull/20/

https://github.com/scravy/node-macaddress/commit/358fd594adb196a86b94ac9c691f69fe5dad2332

https://news.ycombinator.com/item?id=17283394

Details

Source: Mitre, NVD

Published: 2018-07-10

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.12412

Detections

Analytics