Description
All versions of macaddress are vulnerable to command injection. For this vulnerability to be exploited, an attacker needs to control the iface argument to the one method.
Recommendation
Update the macaddress package to the latest compatible version. Version details:
- Affected version(s): < 0.2.9
- Patched version(s): 0.2.9
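Alongside the upgrade, callers can refuse to pass untrusted input as the iface argument at all. The guard below is an added example, not code from the macaddress package or this advisory; isSafeIface, guardedLookup, the name pattern and the 32-character limit are assumptions made for illustration.

```javascript
// Added example: validate a caller-supplied interface name before it reaches
// any function that may build a shell command from it.
const os = require('os');

// Conservative pattern (assumption): letters, digits and a few separators,
// so spaces, quotes and shell metacharacters never pass. Windows adapter
// names containing spaces would need a platform-specific pattern.
const IFACE_PATTERN = /^[A-Za-z0-9][A-Za-z0-9._:-]{0,31}$/;

// True only if `iface` is well formed AND is an interface the OS reports
// (or is in `known`, when the caller supplies its own allowlist).
function isSafeIface(iface, known = Object.keys(os.networkInterfaces())) {
  if (typeof iface !== 'string') return false;
  if (!IFACE_PATTERN.test(iface)) return false;
  return known.includes(iface);
}

// Hypothetical wrapper: `lookup` is any function taking (iface, callback),
// for example require('macaddress').one. It is invoked only with a name
// that passed validation; otherwise the callback receives an error.
function guardedLookup(lookup, iface, callback, known) {
  if (!isSafeIface(iface, known)) {
    callback(new Error('rejected interface name'));
    return false;
  }
  lookup(iface, callback);
  return true;
}
```

The exact-match allowlist is the stronger of the two checks; the pattern only keeps malformed input from being compared or logged further down.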
References
- GHSA-pp57-mqmh-44h7
- hackerone.com
- www.npmjs.com
- news.ycombinator.com
- CVE-2018-13797
- CWE-78
- CAPEC-310
- OWASP 2021-A3
- OWASP 2021-A6
Related Issues
- Prototype Pollution in lodash (GHSA-jf85-cpcp-j695) 4 - CVE-2019-10744
- Prototype Pollution in lodash (GHSA-jf85-cpcp-j695) 2 - CVE-2019-10744
- Passbolt Browser Extension leaks password information - CVE-2024-33669
- JSONata expression can pollute the "Object" prototype - CVE-2024-27307
Tags:
- npm
- macaddress
Last updated on January 09, 2023