CVE-2024-21488
Versions of the package network before 0.7.0 are vulnerable to Arbitrary Command Injection due to use of the child_process exec function wit
CVSS
7.3
Alto
EPSS
3.3%
p87
KEV
—
Exploit Today
26
0-100
Publicado: 30 ene 2024 · Última mod.: 4 jul 2026 · CWE-77
3.2%EPSS · 30 días3.3%
2026-06-302026-07-16
Versions of the package network before 0.7.0 are vulnerable to Arbitrary Command Injection due to use of the child_process exec function without input sanitization. If (attacker-controlled) user input is given to the mac_address_for function of the package, it is possible for the attacker to execute arbitrary commands on the operating system that this package is being run on.
- gist.github.comhttps://gist.github.com/icemonster/282ab98fb68fc22aac7c576538f6369c
- github.comhttps://github.com/tomas/network/commit/5599ed6d6ff1571a5ccadea775430c131f381de7
- github.comhttps://github.com/tomas/network/commit/6ec8713580938ab4666df2f2d0f3399891ed2ad7
- github.comhttps://github.com/tomas/network/commit/72c523265940fe279eb0050d441522628f8988e5
- security.snyk.iohttps://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-11426552
- security.snyk.iohttps://security.snyk.io/vuln/SNYK-JS-NETWORK-6184371
- gist.github.comhttps://gist.github.com/icemonster/282ab98fb68fc22aac7c576538f6369c
- github.comhttps://github.com/tomas/network/commit/5599ed6d6ff1571a5ccadea775430c131f381de7
- github.comhttps://github.com/tomas/network/commit/6ec8713580938ab4666df2f2d0f3399891ed2ad7
- github.comhttps://github.com/tomas/network/commit/72c523265940fe279eb0050d441522628f8988e5
- security.snyk.iohttps://security.snyk.io/vuln/SNYK-JS-NETWORK-6184371
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2026-422718.8 ALT99.6%
KEV—80BerriAI LiteLLM Command Injection Vulnerability2dCVE-2023-349609.8 CRÍ99.9%
——30A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name.8dCVE-2023-376799.8 CRÍ99.9%
——30A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to execute arbitrary commands on the hosting server.8dCVE-2026-80379.6 CRÍ98.6%
——30OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in multiple command endpoints3dCVE-2022-457018.8 ALT98.5%
——30Arris TG2482A firmware through 9.1.103GEM9 allow Remote Code Execution (RCE) via the ping utility feature.8dCVE-2023-337828.8 ALT98.3%
——30D-Link DIR-842V2 v1.0.3 was discovered to contain a command injection vulnerability via the iperf3 diagnostics function.8d