CVE-2024-21488

Summary

CVE-2024-21488 is a new vulnerability affecting versions of the network package prior to 0.7.0. This issue allows for Arbitrary Command Injection due to the package's use of the child_process exec function without proper input sanitization. Malicious user input supplied to the mac_address_for function can result in the execution of arbitrary commands on the operating system where this package is in use. This vulnerability poses a significant risk as it can lead to serious security consequences, including system compromise. It is recommended that users upgrade to the latest version of the network package to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.