traceroute

Releases4

Frequency1 year 4 months

Last Release over 10 years ago

Wrapper around native traceroute command

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2018-21268 ↗	Jun 25, 2020Thursday, 25 June 2020, 17:15	10 CRITICAL	7.5 HIGH
The traceroute (aka node-traceroute) package through 1.0.0 for Node.js allows remote command injection via the host parameter. This occurs because the Child.exec() method, which is considered to be not entirely safe, is used. In particular, an OS command can be placed after a newline character.