Exploit analysis for Arbitrary Command Injection in network package (CVE-2024-21488)

CVEs

9.8 Critical Severity

Apps

NetworkForkhq
*.*
0.7.0.*

Summary

In this post, we will look at how a code injection vulnerability came to exist in a Node.js package named network. We will walk through the vulnerable code and make sense of the PoC exploit.

Script link

Vulnerability found in NPM package - network.

Description

@secatgourity
