CVE-2018-13797: nodejs-macaddress: improper input validation leading to command injection

Severity: Critical

CVSS Score: 9.8

The macaddress module before 0.2.9 for Node.js is prone to an arbitrary command injection flaw, due to allowing unsanitized input to an exec (rather than execFile) call.