CVE advisoryCRITICAL
CVE-2024-21488
Network Package Arbitrary Command Injection
Halo Surface Signal: 3 out of 5 — possibly public-facing.
A command injection vulnerability in the network package allows attackers to execute arbitrary operating system commands by providing unsanitized user input to the `mac_address_for` function. This could lead to system compromise if the affected package is used and exposed to such input.