PT-2024-1512 · Node.Js · Node.Js

Nodemedic

·

Published

2024-01-23

·

Updated

2024-02-08

·

CVE-2024-21488

CVSS v3.1

9.8

Critical

Vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: network (Node.js package), versions prior to 0.7.0
Description: The issue exists because the network package for Node.js passes unsanitized input to the child_process exec function. The mac_address_for function of the package builds a shell command string from its argument and runs it through child_process.exec without validating it, so shell metacharacters in the argument are interpreted by the shell. A remote attacker who controls the value passed to mac_address_for can therefore inject additional commands and execute them on the operating system hosting the application, with the privileges of the Node.js process.
Recommendations: For versions prior to 0.7.0, update to version 0.7.0 or later, which resolves the issue. Until the update can be applied, do not call mac_address_for with any value that is not fully under the application's control, and disable the code path that exposes it to untrusted input if necessary. In your own code, avoid building shell command strings from external input: validate arguments against a strict allow-list and prefer child_process.execFile with an argument array, which starts the program directly without a shell so metacharacters in arguments are inert.

Weakness Enumeration

Command Injection

Related Identifiers

BDU:2024-01023
CVE-2024-21488
GHSA-VVH2-82C7-PPFG

Affected Products

Node.Js