vulnerability
Ubuntu: (CVE-2018-13797): node-macaddress vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Jul 10, 2018 | Jun 26, 2025 | Jun 26, 2025 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Jul 10, 2018
Added
Jun 26, 2025
Modified
Jun 26, 2025
Description
The macaddress module before 0.2.9 for Node.js is prone to an arbitrary command injection flaw, due to allowing unsanitized input to an exec (rather than execFile) call.
Solution
no-fix-ubuntu-package
References
- CVE-2018-13797
- https://attackerkb.com/topics/CVE-2018-13797
- URL-https://github.com/scravy/node-macaddress/commit/358fd594adb196a86b94ac9c691f69fe5dad2332
- URL-https://github.com/scravy/node-macaddress/pull/20
- URL-https://github.com/scravy/node-macaddress/pull/20/
- URL-https://github.com/scravy/node-macaddress/releases/tag/0.2.9
- URL-https://news.ycombinator.com/item?id=17283394
- URL-https://www.cve.org/CVERecord?id=CVE-2018-13797
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.