QID 997000
Date Published: 2024-01-31
QID 997000: NodeJs (Npm) Security Update for network (GHSA-vvh2-82c7-ppfg)
Versions of the package network before 0.7.0 are vulnerable to Arbitrary Command Injection because the package calls the child_process exec function without sanitizing its input. If attacker-controlled input is passed to the package's mac_address_for function, an attacker can execute arbitrary commands on the operating system the package is running on.
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
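The pattern described above, as an added example (not code from the network package or the advisory): a command string built for exec, beside a hardened form that checks the interface name against an allowlist and passes it to execFile as a separate argument. The function names, the ifconfig command and the Linux-style name rule are assumptions made for illustration.

```javascript
// Added illustration. All names here are hypothetical, not the package's API.

// Vulnerable pattern: a shell command line built by concatenation.
// exec() hands the whole string to a shell, so metacharacters in
// nicName (;, |, $(), backticks) are interpreted as shell syntax.
function unsafeCommandString(nicName) {
  return 'ifconfig ' + nicName;
}

// Assumption: Linux-style interface names, at most 15 characters.
// The first character must be alphanumeric so a value such as "-a"
// cannot be read as an option by the child program.
const IFACE_RE = /^[A-Za-z0-9][A-Za-z0-9_.:-]{0,14}$/;

function isValidInterfaceName(name) {
  return typeof name === 'string' && IFACE_RE.test(name);
}

// Hardened form: validate first, then return a program plus an argv
// array. No shell is involved, so the name stays a single argument.
function safeCommand(nicName) {
  if (!isValidInterfaceName(nicName)) {
    throw new TypeError('invalid interface name');
  }
  return { file: 'ifconfig', args: [nicName] };
}

// Runs the validated command with execFile (no shell) and extracts a MAC.
async function lookupMac(nicName) {
  const { file, args } = safeCommand(nicName);
  const { execFile } = await import('node:child_process');
  return new Promise((resolve, reject) => {
    execFile(file, args, { timeout: 2000 }, (err, stdout) => {
      if (err) return reject(err);
      const m = /([0-9a-f]{2}(?::[0-9a-f]{2}){5})/i.exec(stdout);
      if (m) resolve(m[1].toLowerCase());
      else reject(new Error('no MAC address in output'));
    });
  });
}

// Constructed sample inputs: two plausible names, four that must be rejected.
const samples = ['eth0', 'wlan0.100', 'eth0; echo injected', '`echo x`', '-a', ''];
function classify(inputs) {
  return inputs.map((name) => [name, isValidInterfaceName(name)]);
}
console.log(classify(samples));
```

Validation and execFile are both needed: execFile removes the shell, and the allowlist stops values that the child program itself would treat as options.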
Solution
Refer to GitHub security advisory GHSA-vvh2-82c7-ppfg for updates and patch information.
Vendor References
- GHSA-vvh2-82c7-ppfg - github.com/advisories/GHSA-vvh2-82c7-ppfg
CVEs related to QID 997000
Software Advisories
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| GHSA-vvh2-82c7-ppfg | network | | |