systeminformation is a System Information Library for Node.JS. Versions 5.0.0 through 5.21.6 have a SSID Command Injection Vulnerability. The problem was fixed with a parameter check in version 5.21.7. As a workaround, check or sanitize parameter strings that are passed to `wifiConnections()`, `wifiNetworks()` (string only).
References
Configurations
History
23 Sep 2023, 03:38
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:systeminformation:systeminformation:*:*:*:*:*:node.js:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
References | (MISC) https://github.com/sebhildebrandt/systeminformation/commit/7972565812ccb2a610a22911c54c3446f4171392 - Patch | |
References | (MISC) https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-gx6r-qc2v-3p3v - Vendor Advisory | |
References | (MISC) https://systeminformation.io/security.html - Vendor Advisory | |
First Time |
Systeminformation systeminformation
Systeminformation |
21 Sep 2023, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-09-21 18:15
Updated : 2023-12-10 15:14
NVD link : CVE-2023-42810
Mitre link : CVE-2023-42810
CVE.ORG link : CVE-2023-42810
JSON object : View
Products Affected
systeminformation
- systeminformation
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')