CVE-2018-21268

CVE-2018-21268

The traceroute (aka node-traceroute) package through 1.0.0 for Node.js allows remote command injection via the host parameter. This occurs because the Child.exec() method, which is considered to be not entirely safe, is used. In particular, an OS command can be placed after a newline character.

Source: CVE-2018-21268

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다