CVE-2024-21488

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-21488

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-21488.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-21488

Aliases

GHSA-vvh2-82c7-ppfg

Published

2024-01-30T05:15:09Z

Modified

2025-01-15T05:05:39.368129Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Versions of the package network before 0.7.0 are vulnerable to Arbitrary Command Injection due to use of the childprocess exec function without input sanitization. If (attacker-controlled) user input is given to the macaddress_for function of the package, it is possible for the attacker to execute arbitrary commands on the operating system that this package is being run on.

References

Affected packages

Git / github.com/tomas/network

Affected ranges

Type: GIT
Repo: https://github.com/tomas/network
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

5599ed6d6ff1571a5ccadea775430c131f381de7

Fixed

5599ed6d6ff1571a5ccadea775430c131f381de7

Fixed

6ec8713580938ab4666df2f2d0f3399891ed2ad7

Fixed

6ec8713580938ab4666df2f2d0f3399891ed2ad7

Fixed

72c523265940fe279eb0050d441522628f8988e5

Fixed

72c523265940fe279eb0050d441522628f8988e5

Affected versions

v0.*

v0.0.12

v0.3.0

v0.5.0

v0.6.1