Traceroute Project Traceroute vulnerabilities
2 known vulnerabilities affecting traceroute_project/traceroute.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2023-46316MEDIUMCVSS 5.5≥ 0, < 1:2.1.3-12023-10-25
CVE-2023-46316 [MEDIUM] CVE-2023-46316: In buc Traceroute 2
In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scripts do not properly parse command lines.
osv
CVE-2018-21268CRITICALCVSS 9.8≤ 1.0.02020-06-25
CVE-2018-21268 [CRITICAL] CWE-74 CVE-2018-21268: The traceroute (aka node-traceroute) package through 1.0.0 for Node.js allows remote command injecti
The traceroute (aka node-traceroute) package through 1.0.0 for Node.js allows remote command injection via the host parameter. This occurs because the Child.exec() method, which is considered to be not entirely safe, is used. In particular, an OS command can be placed after a newline character.
ghsanvdosv