Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Traceroute Project Subscribe
Filtered by product Traceroute
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-21268 1 Traceroute Project 1 Traceroute 2020-07-06 7.5 HIGH 9.8 CRITICAL
The traceroute (aka node-traceroute) package through 1.0.0 for Node.js allows remote command injection via the host parameter. This occurs because the Child.exec() method, which is considered to be not entirely safe, is used. In particular, an OS command can be placed after a newline character.