{"id":"CVE-2024-21488","details":"Versions of the package network before 0.7.0 are vulnerable to Arbitrary Command Injection because the package uses the child_process exec function without input sanitization. If attacker-controlled input is passed to the package's mac_address_for function, the attacker can execute arbitrary commands on the operating system on which the package is running.","aliases":["GHSA-vvh2-82c7-ppfg"],"modified":"2026-03-15T22:48:24.589859Z","published":"2024-01-30T05:15:09.277Z","references":[{"type":"FIX","url":"https://github.com/tomas/network/commit/5599ed6d6ff1571a5ccadea775430c131f381de7"},{"type":"FIX","url":"https://github.com/tomas/network/commit/6ec8713580938ab4666df2f2d0f3399891ed2ad7"},{"type":"FIX","url":"https://github.com/tomas/network/commit/72c523265940fe279eb0050d441522628f8988e5"},{"type":"EVIDENCE","url":"https://security.snyk.io/vuln/SNYK-JS-NETWORK-6184371"},{"type":"EVIDENCE","url":"https://gist.github.com/icemonster/282ab98fb68fc22aac7c576538f6369c"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/tomas/network","events":[{"introduced":"0"},{"fixed":"5599ed6d6ff1571a5ccadea775430c131f381de7"}]},{"type":"GIT","repo":"https://github.com/tomas/network","events":[{"introduced":"0"},{"fixed":"6ec8713580938ab4666df2f2d0f3399891ed2ad7"}]},{"type":"GIT","repo":"https://github.com/tomas/network","events":[{"introduced":"0"},{"fixed":"72c523265940fe279eb0050d441522628f8988e5"}]},{"type":"GIT","repo":"https://github.com/tomas/network","events":[{"introduced":"0"},{"fixed":"5599ed6d6ff1571a5ccadea775430c131f381de7"}]},{"type":"GIT","repo":"https://github.com/tomas/network","events":[{"introduced":"0"},{"fixed":"6ec8713580938ab4666df2f2d0f3399891ed2ad7"}]},{"type":"GIT","repo":"https://github.com/tomas/network","events":[{"introduced":"0"},{"fixed":"72c523265940fe279eb0050d441522628f8988e5"}]}],"versions":["v0.0.12","v0.3.0","v0.5.0","v0.6.1"],"database_specific":{"unresolved_ranges":[{"events":[
{"introduced":"0"},{"fixed":"0.7.0"}]},{"events":[{"introduced":"0"},{"fixed":"0.7.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-21488.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}