WS-2018-0113 High Severity Vulnerability detected by WhiteSource

[mend-bolt-for-github]

WS-2018-0113 - High Severity Vulnerability

Vulnerable Library - macaddress-0.2.8.tgz

Get the MAC addresses (hardware addresses) of the hosts network interfaces.

path: /tmp/git/welcome.osweekends.com/node_modules/macaddress/package.json

Library home page: http://registry.npmjs.org/macaddress/-/macaddress-0.2.8.tgz

Dependency Hierarchy:

• gulp-cssnano-2.1.2.tgz (Root Library)
  • cssnano-3.10.0.tgz
    • postcss-filter-plugins-2.0.2.tgz
      • uniqid-4.1.1.tgz
        • ❌ macaddress-0.2.8.tgz (Vulnerable Library)

Found in HEAD commit: f33e63b349f693c0cfb815c120bbbd381b775421

Vulnerability Details

All versions of macaddress are vulnerable to command injection. For this vulnerability to be exploited an attacker needs to control the iface argument to the one method.

Publish Date: 2018-05-16

URL: WS-2018-0113

CVSS 2 Score Details (10.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://nodesecurity.io/advisories/654

Release Date: 2018-05-16

Fix Resolution: No fix is currently available for this vulnerability. It is our recommendation to not install or use this module until a fix is provided.

---

Step up your Open Source Security Game with WhiteSource here