CVE-2018-13797: OS Command Injection

July 10, 2018 (updated October 3, 2019)

The macaddress module for Node.js is prone to an arbitrary command injection flaw, due to allowing unsanitized input to an exec (rather than execFile) call.

References

nvd.nist.gov/vuln/detail/CVE-2018-13797

Code Behaviors & Features

Detect and mitigate CVE-2018-13797 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →