Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-gx6r-qc2v-3p3v: systeminformation SSID Command Injection Vulnerability

Impact

SSID Command Injection Vulnerability

Patches

Problem was fixed with a parameter check. Please upgrade to version >= 5.21.7, Version 4 was not affected

Workarounds

If you cannot upgrade, be sure to check or sanitize parameter strings that are passed to wifiConnections(), wifiNetworks() (string only)

References

See also https://systeminformation.io/security.html

ghsa
Open in Source
#vulnerability#nodejs#git#wifi

Package

npm systeminformation (npm)

Affected versions

>= 5.0.0, < 5.21.7

Patched versions

5.21.7

Description

Impact

SSID Command Injection Vulnerability

Patches

Problem was fixed with a parameter check. Please upgrade to version >= 5.21.7, Version 4 was not affected

Workarounds

If you cannot upgrade, be sure to check or sanitize parameter strings that are passed to wifiConnections(), wifiNetworks() (string only)

References

See also https://systeminformation.io/security.html

References

  • GHSA-gx6r-qc2v-3p3v
  • sebhildebrandt/systeminformation@7972565
  • https://systeminformation.io/security.html

sebhildebrandt published to sebhildebrandt/systeminformation

Sep 21, 2023

Published to the GitHub Advisory Database

Sep 21, 2023

Reviewed

Sep 21, 2023

Related news

CVE-2023-42810: wifi sanitizing ssid names · sebhildebrandt/systeminformation@7972565

systeminformation is a System Information Library for Node.JS. Versions 5.0.0 through 5.21.6 have a SSID Command Injection Vulnerability. The problem was fixed with a parameter check in version 5.21.7. As a workaround, check or sanitize parameter strings that are passed to `wifiConnections()`, `wifiNetworks()` (string only).

ghsa: Latest News

GHSA-pxg6-pf52-xh8x: cookie accepts cookie name, path, and domain with out of bounds characters
ghsa