CRITICAL🇵🇱 Wersja polska

CVE-2018-21268

CVSS 10.0v3.1pub. 2020-06-25upd. 2024-11-21

The traceroute (aka node-traceroute) package through 1.0.0 for Node.js allows remote command injection via the host parameter. This occurs because the Child.exec() method, which is considered to be not entirely safe, is used. In particular, an OS command can be placed after a newline character.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
  • Traceroute Project Traceroute

    APP
    Traceroute Project
    ≤ 1.0.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References