All versions of
macaddress are vulnerable to command injection. For this vulnerability to be exploited an attacker needs to control the
iface argument to the
Update to version 0.2.9 or later.