COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2024-21488

CVE-2024-21488

Severity
high
Source
NVD · cve
Published
2024-01-30
CVSS
7.3
Reference
https://nvd.nist.gov/vuln/detail/CVE-2024-21488
⚡ RCE shame 40/100 rce

Versions of the package network before 0.7.0 are vulnerable to Arbitrary Command Injection due to use of the child_process exec function without input sanitization. If (attacker-controlled) user input is given to the mac_address_for function of the package, it is possible for the

Players implicated

forkhq · vendor

Description

Versions of the package network before 0.7.0 are vulnerable to Arbitrary Command Injection due to use of the child_process exec function without input sanitization. If (attacker-controlled) user input is given to the mac_address_for function of the package, it is possible for the attacker to execute arbitrary commands on the operating system that this package is being run on.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.