Описание
systeminformation SSID Command Injection Vulnerability
Impact
SSID Command Injection Vulnerability
Patches
Problem was fixed with a parameter check. Please upgrade to version >= 5.21.7, Version 4 was not affected
Workarounds
If you cannot upgrade, be sure to check or sanitize parameter strings that are passed to wifiConnections(), wifiNetworks() (string only)
References
Пакеты
Наименование
systeminformation
npm
Затронутые версииВерсия исправления
>= 5.0.0, < 5.21.7
5.21.7
Связанные уязвимости
CVSS3: 9.8
nvd
больше 2 лет назад
systeminformation is a System Information Library for Node.JS. Versions 5.0.0 through 5.21.6 have a SSID Command Injection Vulnerability. The problem was fixed with a parameter check in version 5.21.7. As a workaround, check or sanitize parameter strings that are passed to `wifiConnections()`, `wifiNetworks()` (string only).