Description
All versions of macaddress are vulnerable to command injection. For this vulnerability to be exploited, an attacker needs to control the iface argument to the one() method.
Recommendation
Update the macaddress package to the latest compatible version. Version details:
- Affected version(s): < 0.2.9
- Patched version(s): 0.2.9
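Where the interface name comes from outside the application, a caller-side guard on the iface value is a useful second layer alongside the upgrade. The following is an added example, not code from the macaddress package or from this advisory: checkIface, safeMac, the allowlist pattern and the sample data are assumptions, and the MAC is read from Node's built-in os.networkInterfaces() so no shell command is built at all.

```javascript
// Added example: caller-side guard for an interface name (the `iface` value).
// checkIface, safeMac and IFACE_NAME are hypothetical names, not macaddress APIs.

// Assumed allowlist: starts alphanumeric (so no leading '-'), then a small safe
// set, at most 64 characters. No whitespace or shell metacharacters can match.
const IFACE_NAME = /^[A-Za-z0-9][A-Za-z0-9._:-]{0,63}$/;

// Returns { ok, reason }. `interfaces` defaults to what the OS reports.
function checkIface(iface, interfaces = require('os').networkInterfaces()) {
  if (typeof iface !== 'string') return { ok: false, reason: 'not-a-string' };
  if (!IFACE_NAME.test(iface)) return { ok: false, reason: 'bad-characters' };
  // hasOwnProperty so inherited keys such as 'constructor' never count as interfaces.
  if (!Object.prototype.hasOwnProperty.call(interfaces, iface)) {
    return { ok: false, reason: 'unknown-interface' };
  }
  return { ok: true, reason: null };
}

// Reads the MAC from the interface table; no child process, no shell.
function safeMac(iface, interfaces = require('os').networkInterfaces()) {
  const verdict = checkIface(iface, interfaces);
  if (!verdict.ok) throw new TypeError(`rejected iface (${verdict.reason})`);
  const entry = interfaces[iface].find((a) => a.mac && a.mac !== '00:00:00:00:00:00');
  return entry ? entry.mac : null;
}

// Constructed sample data in the shape os.networkInterfaces() returns.
const SAMPLE_INTERFACES = {
  lo: [{ address: '127.0.0.1', family: 'IPv4', mac: '00:00:00:00:00:00', internal: true }],
  eth0: [{ address: '192.0.2.10', family: 'IPv4', mac: '02:00:00:aa:bb:cc', internal: false }],
};
// Constructed inputs: two valid names, then values the guard must reject.
const SAMPLE_INPUTS = ['eth0', 'lo', 'eth9', 'eth0; echo injected', '-a', 'constructor', 42];

for (const input of SAMPLE_INPUTS) {
  const verdict = checkIface(input, SAMPLE_INTERFACES);
  console.log(JSON.stringify(input), verdict.ok ? 'accepted' : `rejected: ${verdict.reason}`);
}
console.log('eth0 MAC:', safeMac('eth0', SAMPLE_INTERFACES));
```

The pattern is deliberately strict and will reject interface names that contain spaces; widen it only if the value never reaches a shell.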
References
- GHSA-pp57-mqmh-44h7
- hackerone.com
- www.npmjs.com
- news.ycombinator.com
- CVE-2018-13797
- CWE-78
- CAPEC-310
- OWASP 2021-A3
- OWASP 2021-A6
Related Issues
- Command Injection in lodash (GHSA-35jh-r3h4-6jhm) - CVE-2021-23337
- Command Injection Vulnerability in systeminformation (GHSA-m57p-p67h-mq74) - CVE-2020-26274
- Command Injection in ungit (GHSA-vjfr-p6hp-jqqw) - CVE-2015-4130
- nadesiko3 vulnerable to OS Command Injection - CVE-2022-42496
Tags: npm, macaddress
Last updated on January 09, 2023