WS-2018-0113 - High Severity Vulnerability
Vulnerable Library - macaddress-0.2.8.tgz
Get the MAC addresses (hardware addresses) of the hosts network interfaces.
path: /tmp/git/bit/node_modules/macaddress/package.json
Library home page: http://registry.npmjs.org/macaddress/-/macaddress-0.2.8.tgz
Dependency Hierarchy:
- uniqid-4.1.1.tgz (Root Library)
- ❌ macaddress-0.2.8.tgz (Vulnerable Library)
Found in HEAD commit: dae84c30d5bc4c197e093d1bcb1930fa1735588a
Vulnerability Details
All versions of macaddress are vulnerable to command injection. For this vulnerability to be exploited an attacker needs to control the iface argument to the one method.
Publish Date: 2018-05-16
URL: WS-2018-0113
CVSS 2 Score Details (10.0)
Base Score Metrics not available
Suggested Fix
Type: Upgrade version
Origin: https://nodesecurity.io/advisories/654
Release Date: 2018-05-16
Fix Resolution: No fix is currently available for this vulnerability. It is our recommendation to not install or use this module until a fix is provided.
Step up your Open Source Security Game with WhiteSource here
WS-2018-0113 - High Severity Vulnerability
Get the MAC addresses (hardware addresses) of the hosts network interfaces.
path: /tmp/git/bit/node_modules/macaddress/package.json
Library home page: http://registry.npmjs.org/macaddress/-/macaddress-0.2.8.tgz
Dependency Hierarchy:
Found in HEAD commit: dae84c30d5bc4c197e093d1bcb1930fa1735588a
All versions of macaddress are vulnerable to command injection. For this vulnerability to be exploited an attacker needs to control the iface argument to the one method.
Publish Date: 2018-05-16
URL: WS-2018-0113
Base Score Metrics not available
Type: Upgrade version
Origin: https://nodesecurity.io/advisories/654
Release Date: 2018-05-16
Fix Resolution: No fix is currently available for this vulnerability. It is our recommendation to not install or use this module until a fix is provided.
Step up your Open Source Security Game with WhiteSource here