cvedb.io
CVE-2024-21488
HIGH · CVSS 7.3
EPSS exploitation probability: 0%
Published 2024-01-30T05:15:09.277 · Last modified 2026-07-04T16:17:12.927

Summary

Versions of the package network before 0.7.0 are vulnerable to Arbitrary Command Injection due to use of the child_process exec function without input sanitization. If (attacker-controlled) user input is given to the mac_address_for function of the package, it is possible for the attacker to execute arbitrary commands on the operating system that this package is being run on.
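The bug class described in the summary, as an added example that is not the network package's own code: an interface-name lookup written first in the vulnerable shape (input interpolated into a child_process exec string) and then hardened with an allow-list check and execFile. The function names, the allow-list pattern and the use of the Linux `ip` command are assumptions made for illustration.

```javascript
const { exec, execFile } = require('child_process');

// Assumed allow-list for interface names: first character alphanumeric (so the
// value can never be read as an option), at most 15 characters in total, and
// no whitespace or shell metacharacters.
const NIC_NAME = /^[A-Za-z0-9][A-Za-z0-9_.:-]{0,14}$/;
const MAC = /link\/ether ((?:[0-9a-f]{2}:){5}[0-9a-f]{2})/i;

function isValidNicName(name) {
  return typeof name === 'string' && NIC_NAME.test(name);
}

// Extracts the hardware address from `ip -o link show` output, or null.
function parseMac(output) {
  const m = MAC.exec(output);
  return m ? m[1].toLowerCase() : null;
}

// Vulnerable shape: the name becomes part of a string that /bin/sh parses,
// so any shell syntax in it is interpreted rather than treated as data.
function macAddressForUnsafe(nicName, cb) {
  exec(`ip -o link show dev ${nicName}`,
    (err, out) => cb(err, err ? null : parseMac(out)));
}

// Builds the fixed argument vector, or throws if the name is off the allow-list.
function macAddressArgs(nicName) {
  if (!isValidNicName(nicName)) {
    throw new TypeError('invalid interface name');
  }
  return ['-o', 'link', 'show', 'dev', nicName];
}

// Hardened shape: validate first, then execFile, which starts the program
// directly with an argv array and never passes the input through a shell.
function macAddressForSafe(nicName, cb) {
  let args;
  try {
    args = macAddressArgs(nicName);
  } catch (e) {
    return process.nextTick(cb, e);
  }
  execFile('ip', args, { timeout: 2000 },
    (err, out) => cb(err, err ? null : parseMac(out)));
}
```

The allow-list and execFile are complementary: execFile removes shell parsing, while the leading-character rule keeps a value such as `-o` from being read as an option by the program itself.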

Affected products

forkhq — network


This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.