Command Injection in traceroute
All versions of traceroute are vulnerable to Command Injection. The package fails to sanitize input and passes it directly to an exec call, which may allow attackers to execute arbitrary code in the system. The trace function is vulnerable and can be abused if the host value is controlled by an attacker.
Recommendation
No fix is currently available. Consider using an alternative package until a fix is made available.
| Software | From | Fixed in |
|---|---|---|
traceroute
|
0.0.0 | - |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime