James Weston

1 exploit Active since Jun 2020
CVE-2018-21268 WRITEUP CRITICAL WRITEUP
traceroute < 1.0.0 - Remote Command Injection via Host Parameter
The traceroute (aka node-traceroute) package through 1.0.0 for Node.js allows remote command injection via the host parameter. This occurs because the Child.exec() method, which is considered to be not entirely safe, is used. In particular, an OS command can be placed after a newline character.
CVSS 10.0