Q3K

**Name of the Vulnerable Software and Affected Versions** macaddress versions prior to 0.2.9 **Description** The issue is related to an arbitrary command injection flaw in the macaddress module for Node.js. This is due to the module allowing unsanitized input to an exec call. For this issue to be exploited, an attacker needs to control the `iface` argument to the `one` method. **Recommendations** Update to version 0.2.9 or later. As a temporary workaround, consider restricting access to the `one` method or sanitizing the `iface` argument to minimize the risk of exploitation.