CVE-2023-42810

Опубликовано: 21 сент. 2023

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

systeminformation is a System Information Library for Node.JS. Versions 5.0.0 through 5.21.6 have a SSID Command Injection Vulnerability. The problem was fixed with a parameter check in version 5.21.7. As a workaround, check or sanitize parameter strings that are passed to wifiConnections(), wifiNetworks() (string only).

Ссылки

https://github.com/sebhildebrandt/systeminformation/commit/7972565812ccb2a610a22911c54c3446f4171392
Patch
https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-gx6r-qc2v-3p3v
Vendor Advisory
https://systeminformation.io/security.html
Vendor Advisory
https://github.com/sebhildebrandt/systeminformation/commit/7972565812ccb2a610a22911c54c3446f4171392
Patch
https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-gx6r-qc2v-3p3v
Vendor Advisory
https://systeminformation.io/security.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:systeminformation:systeminformation:*:*:*:*:*:node.js:*:*

Версия от 5.0.0 (включая) до 5.21.7 (исключая)

EPSS

Процентиль: 84%

0.02061

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-77

Связанные уязвимости

GHSA-gx6r-qc2v-3p3v