VDB
CVE-2018-13797
CVE-2018-13797
PUBLISHED
The macaddress module before 0.2.9 for Node.js is prone to an arbitrary command injection flaw, due to allowing unsanitized input to an exec (rather than execFile) call.
EPSS 11.29% · 93.7th percentile
Risk Scores
EPSS Score
11.29%
93.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | node-macaddress | 0, 0.2.8-2, 0.2.8-1 |
Exploit Intelligence
- ossf-cve-benchmark/CVE-2018-13797 (github-poc-repo)
- ossf-cve-benchmark/CVE-2018-13797 (github-poc-repo)
- ossf-cve-benchmark/CVE-2018-13797 (github-poc-repo)
- ossf-cve-benchmark/CVE-2018-13797 (github-poc-repo)
- ossf-cve-benchmark/CVE-2018-13797 (github-poc-repo)
- ossf-cve-benchmark/CVE-2018-13797 (github-poc-repo)
- ossf-cve-benchmark/CVE-2018-13797 (github-poc-repo)
- ossf-cve-benchmark/CVE-2018-13797 (github-poc-repo)
- dsp-testing/CVE-2018-13797 (github-poc-repo)
- dsp-testing/CVE-2018-13797 (github-poc-repo)
…and 34 more exploits
Timeline
- Jul 10, 2018 CVE Published
- Oct 3, 2019 CVE Updated
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 11, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2018-13797 third-party-advisory
- https://github.com/scravy/node-macaddress/pull/20 third-party-advisory
- https://github.com/scravy/node-macaddress/commit/358fd594adb196a86b94ac9c691f69fe5dad2332 third-party-advisory
- https://github.com/scravy/node-macaddress/pull/20/ third-party-advisory
- https://github.com/scravy/node-macaddress/releases/tag/0.2.9 third-party-advisory
- https://news.ycombinator.com/item?id=17283394 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2018-13797 third-party-advisory