Candidate: CVE-2018-13797
PublicDate: 2018-07-10 12:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13797
 https://github.com/scravy/node-macaddress/pull/20
 https://github.com/scravy/node-macaddress/commit/358fd594adb196a86b94ac9c691f69fe5dad2332
 https://github.com/scravy/node-macaddress/pull/20/
 https://github.com/scravy/node-macaddress/releases/tag/0.2.9
 https://news.ycombinator.com/item?id=17283394
Description:
 The macaddress module before 0.2.9 for Node.js is prone to an arbitrary
 command injection flaw, due to allowing unsanitized input to an exec
 (rather than execFile) call.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]


Patches_node-macaddress:
upstream_node-macaddress: released (0.2.9-1)
precise/esm_node-macaddress: DNE
trusty_node-macaddress: DNE
trusty/esm_node-macaddress: DNE
xenial_node-macaddress: DNE
artful_node-macaddress: DNE
bionic_node-macaddress: needed
cosmic_node-macaddress: not-affected (0.2.9-1)
disco_node-macaddress: not-affected (0.2.9-1)
eoan_node-macaddress: not-affected (0.2.9-1)
focal_node-macaddress: not-affected (0.2.9-1)
groovy_node-macaddress: not-affected (0.2.9-1)
hirsute_node-macaddress: not-affected (0.2.9-1)
impish_node-macaddress: not-affected (0.2.9-1)
jammy_node-macaddress: not-affected (0.2.9-1)
devel_node-macaddress: not-affected (0.2.9-1)