dsp-testing

2 exploits Active since Jul 2018
CVE-2018-13797 NOMISEC CRITICAL WORKING POC
node-macaddress < 0.2.9 - OS Command Injection via Unsanitized Input to exec Call
The macaddress module before 0.2.9 for Node.js is prone to an arbitrary command injection flaw, due to allowing unsanitized input to an exec (rather than execFile) call.
CVSS 9.8
CVE-2018-16492 NOMISEC CRITICAL WRITEUP
extend <2.0.2, 3.0.0-3.0.2 - Prototype Pollution
A prototype pollution vulnerability was found in module extend <2.0.2, ~<3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype.
CVSS 9.8