WS-2018-0113 (High) detected in macaddress-0.2.8.tgz

[mend-bolt-for-github]

WS-2018-0113 - High Severity Vulnerability

Vulnerable Library - macaddress-0.2.8.tgz

Get the MAC addresses (hardware addresses) of the hosts network interfaces.

Library home page: https://registry.npmjs.org/macaddress/-/macaddress-0.2.8.tgz

Path to dependency file: /blockchain-demo/frontend/package.json

Path to vulnerable library: /tmp/git/blockchain-demo/frontend/node_modules/macaddress/package.json

Dependency Hierarchy:

• cli-1.6.1.tgz (Root Library)
  • cssnano-3.10.0.tgz
    • postcss-filter-plugins-2.0.2.tgz
      • uniqid-4.1.1.tgz
        • ❌ macaddress-0.2.8.tgz (Vulnerable Library)

Vulnerability Details

All versions of macaddress are vulnerable to command injection. For this vulnerability to be exploited an attacker needs to control the iface argument to the one method.

Publish Date: 2018-05-16

URL: WS-2018-0113

CVSS 2 Score Details (10.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://nodesecurity.io/advisories/654

Release Date: 2018-05-16

Fix Resolution: No fix is currently available for this vulnerability. It is our recommendation to not install or use this module until a fix is provided.

---

Step up your Open Source Security Game with WhiteSource here