CVE-2018-21268 – The traceroute (aka node-traceroute) package through 1.0.0 for Node.js allows remote comma …

Vuln ID: CVE-2018-21268

Published:  2020-06-25  17:15:11Z

Description: The traceroute (aka node-traceroute) package through 1.0.0 for Node.js allows remote command injection via the host parameter. This occurs because the Child.exec() method, which is considered to be not entirely safe, is used. In particular, an OS command can be placed after a newline character.

Source: NVD.NIST.GOV

 

Tags