Skip to main content

Node Macaddress

1 CVEs product

Monthly

CVE-2018-13797 npm CRITICAL POC PATCH Act Now

The macaddress module before 0.2.9 for Node.js is prone to an arbitrary command injection flaw, due to allowing unsanitized input to an exec (rather than execFile) call. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Command Injection Node Macaddress
NVD GitHub
CVSS 3.0
9.8
EPSS
6.7%
EPSS 7% CVSS 9.8
CRITICAL POC PATCH Act Now

The macaddress module before 0.2.9 for Node.js is prone to an arbitrary command injection flaw, due to allowing unsanitized input to an exec (rather than execFile) call. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Command Injection Node Macaddress
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy