Description
All versions of macaddress are vulnerable to command injection. To exploit this vulnerability, an attacker needs to control the iface argument of the one() method.
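An added illustration of the bug class described above (CWE-78), not code from macaddress or from this advisory: a caller-supplied interface name spliced into a shell string, beside a form that validates the name and passes it as a single argv element. The function names, the allowlist pattern and the /sys/class/net/<iface>/address path are assumptions made for the example.

```javascript
// Added example, not macaddress source; names and the sysfs path are assumptions.
const { execFile } = require("child_process");

// Conservative allowlist for Linux interface names (assumed 15-character limit).
const IFACE_RE = /^[A-Za-z0-9_.:-]{1,15}$/;

function isValidIface(iface) {
  return typeof iface === "string" && IFACE_RE.test(iface) &&
         iface !== "." && iface !== "..";
}

// Vulnerable pattern: the caller's value is concatenated into a string that a
// shell will parse, so metacharacters in it become shell syntax.
// Only the string is built here; it is never executed.
function unsafeShellString(iface) {
  return "cat /sys/class/net/" + iface + "/address";
}

// Hardened pattern: validate first, then build an argv array. execFile()
// hands each element to the program directly and does not start a shell.
function safeArgv(iface) {
  if (!isValidIface(iface)) {
    throw new TypeError("invalid interface name");
  }
  return { file: "cat", args: ["/sys/class/net/" + iface + "/address"] };
}

// Hypothetical lookup built on safeArgv(); errors are always delivered async.
function readMac(iface, callback) {
  let cmd;
  try { cmd = safeArgv(iface); } catch (err) { return process.nextTick(callback, err); }
  execFile(cmd.file, cmd.args, { timeout: 2000 }, (err, stdout) => {
    if (err) return callback(err);
    callback(null, stdout.trim());
  });
}

// Constructed inputs: an ordinary name and one carrying a shell separator.
const SAMPLES = ["eth0", "eth0; echo injected"];
function classify(samples) {
  return samples.map((s) => ({ input: s, accepted: isValidIface(s) }));
}
```

Validation and the argv form are independent controls: the allowlist also blocks path traversal through the interface name, which avoiding the shell alone would not.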
Recommendation
Update the macaddress package to the latest compatible version. The version details are as follows:
- Affected version(s): < 0.2.9
- Patched version(s): 0.2.9
References
- GHSA-pp57-mqmh-44h7
- hackerone.com
- www.npmjs.com
- news.ycombinator.com
- CVE-2018-13797
- CWE-78
- CAPEC-310
- OWASP 2021-A3
- OWASP 2021-A6
Related Issues
- Path Traversal: 'dir/../../filename' in moment.locale - CVE-2022-24785
- Prototype Pollution in lodash (GHSA-jf85-cpcp-j695) 3 - CVE-2019-10744
- Prototype Pollution in lodash (GHSA-jf85-cpcp-j695) 2 - CVE-2019-10744
- Passbolt Browser Extension leaks password information - CVE-2024-33669
Tags: npm, macaddress
Last updated on January 09, 2023