Skip to content

Command Injection in macaddress

critical severity Published Sep 6, 2018 • Updated Sep 16, 2021

Package

npm macaddress (npm)

Affected versions

< 0.2.9

Patched versions

0.2.9

Description

All versions of macaddress are vulnerable to command injection. For this vulnerability to be exploited an attacker needs to control the iface argument to the one method.

Recommendation

Update to version 0.2.9 or later.

References

CVE ID

CVE-2018-13797

CVSS Score

9.8 Critical
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H