Nodemedic

**Name of the Vulnerable Software and Affected Versions** network versions prior to 0.7.0 **Description** The issue exists due to insufficient input validation in the child process exec function of the Node.js Network utility. This allows a remote attacker to execute arbitrary commands on the operating system by providing attacker-controlled user input to the mac address for function of the package. The `child process` exec function is used without input sanitization, enabling the execution of arbitrary commands. The `mac address for` function is specifically vulnerable to this issue. **Recommendations** For versions prior to 0.7.0, update to version 0.7.0 or later to resolve the issue. As a temporary workaround, consider disabling the `mac address for` function until a patch is available. Restrict access to the `child process` exec function to minimize the risk of exploitation. Avoid using the `mac address for` function with untrusted input until the issue is resolved.