Vulnerability Details CVE-2018-13797
The macaddress module before 0.2.9 for Node.js is prone to an arbitrary command injection flaw, due to allowing unsanitized input to an exec (rather than execFile) call.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.118
EPSS Ranking 93.4%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://github.com/scravy/node-macaddress/commit/358fd594adb196a86b94ac9c691f69fe5dad2332
- https://github.com/scravy/node-macaddress/pull/20/
- https://github.com/scravy/node-macaddress/releases/tag/0.2.9
- https://news.ycombinator.com/item?id=17283394
- https://github.com/scravy/node-macaddress/commit/358fd594adb196a86b94ac9c691f69fe5dad2332
- https://github.com/scravy/node-macaddress/pull/20/
- https://github.com/scravy/node-macaddress/releases/tag/0.2.9
- https://news.ycombinator.com/item?id=17283394
Products affected by CVE-2018-13797
-
cpe:2.3:a:node-macaddress_project:node-macaddress:0.1.0
-
cpe:2.3:a:node-macaddress_project:node-macaddress:0.1.1
-
cpe:2.3:a:node-macaddress_project:node-macaddress:0.1.2
-
cpe:2.3:a:node-macaddress_project:node-macaddress:0.1.3
-
cpe:2.3:a:node-macaddress_project:node-macaddress:0.2.0
-
cpe:2.3:a:node-macaddress_project:node-macaddress:0.2.1
-
cpe:2.3:a:node-macaddress_project:node-macaddress:0.2.2
-
cpe:2.3:a:node-macaddress_project:node-macaddress:0.2.4
-
cpe:2.3:a:node-macaddress_project:node-macaddress:0.2.8