Description
Versions of the package network before 0.7.0 are vulnerable to Arbitrary Command Injection due to use of the child_process exec function without input sanitization. If (attacker-controlled) user input is given to the mac_address_for function of the package, it is possible for the attacker to execute arbitrary commands on the operating system that this package is being run on.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2024-0440 | Versions of the package network before 0.7.0 are vulnerable to Arbitrary Command Injection due to use of the child_process exec function without input sanitization. If (attacker-controlled) user input is given to the mac_address_for function of the package, it is possible for the attacker to execute arbitrary commands on the operating system that this package is being run on. |
Github GHSA |
GHSA-vvh2-82c7-ppfg | network Arbitrary Command Injection vulnerability |
References
History
Sat, 04 Jul 2026 15:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
Tue, 17 Jun 2025 22:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Status: PUBLISHED
Assigner: snyk
Published:
Updated: 2026-07-04T15:25:05.032Z
Reserved: 2023-12-22T12:33:20.118Z
Link: CVE-2024-21488
Updated: 2024-08-01T22:20:40.579Z
Status : Modified
Published: 2024-01-30T05:15:09.277
Modified: 2026-06-17T07:09:35.853
Link: CVE-2024-21488
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
EUVD
Github GHSA