CVE-2022-25926

Опубликовано: 04 янв. 2023

Источник: nvd

CVSS3: 7.4

CVSS3: 7.8

EPSS Низкий

Описание

Versions of the package window-control before 1.4.5 are vulnerable to Command Injection via the sendKeys function, due to improper input sanitization.

Ссылки

https://github.com/bruno-robert/window-control/commit/075c854534a749d887655a906759f5a7eee95173
Patch
Third Party Advisory
https://github.com/bruno-robert/window-control/releases/tag/v1.4.5
Third Party Advisory
https://security.snyk.io/vuln/SNYK-JS-WINDOWCONTROL-3186345
Third Party Advisory
https://github.com/bruno-robert/window-control/commit/075c854534a749d887655a906759f5a7eee95173
Patch
Third Party Advisory
https://github.com/bruno-robert/window-control/releases/tag/v1.4.5
Third Party Advisory
https://security.snyk.io/vuln/SNYK-JS-WINDOWCONTROL-3186345
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:window-control_project:window-control:*:*:*:*:*:node.js:*:*

Версия до 1.4.5 (исключая)

EPSS

Процентиль: 53%

0.00304

Низкий

7.4 High

CVSS3

7.8 High

CVSS3

Дефекты

CWE-78

NVD-CWE-Other

CWE-94

Связанные уязвимости

GHSA-9mjx-wfqp-j5ph

CVSS3: 7.8

github

около 3 лет назад

window-control vulnerable to Command Injection due to improper input sanitization

EPSS

Процентиль: 53%

0.00304

Низкий

7.4 High

CVSS3

7.8 High

CVSS3

Дефекты

CWE-78

NVD-CWE-Other

CWE-94