Количество 3
Количество 3
CVE-2024-21488
Versions of the package network before 0.7.0 are vulnerable to Arbitrary Command Injection due to use of the child_process exec function without input sanitization. If (attacker-controlled) user input is given to the mac_address_for function of the package, it is possible for the attacker to execute arbitrary commands on the operating system that this package is being run on.
GHSA-vvh2-82c7-ppfg
network Arbitrary Command Injection vulnerability
BDU:2024-01023
Уязвимость функции child_process exec кроссплатформенной сетевой утилиты Node.js Network, позволяющая нарушителю выполнять произвольные команды
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-21488 Versions of the package network before 0.7.0 are vulnerable to Arbitrary Command Injection due to use of the child_process exec function without input sanitization. If (attacker-controlled) user input is given to the mac_address_for function of the package, it is possible for the attacker to execute arbitrary commands on the operating system that this package is being run on. | CVSS3: 7.3 | 2% Низкий | около 2 лет назад |
| GHSA-vvh2-82c7-ppfg network Arbitrary Command Injection vulnerability | CVSS3: 7.3 | 2% Низкий | около 2 лет назад |
 | BDU:2024-01023 Уязвимость функции child_process exec кроссплатформенной сетевой утилиты Node.js Network, позволяющая нарушителю выполнять произвольные команды | CVSS3: 7.3 | 2% Низкий | около 2 лет назад |
Уязвимостей на страницу