High severityNVD Advisory· Published Jan 4, 2023· Updated Apr 10, 2025
CVE-2022-25926
CVE-2022-25926
Description
Versions of the package window-control before 1.4.5 are vulnerable to Command Injection via the sendKeys function, due to improper input sanitization.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
window-controlnpm | < 1.4.5 | 1.4.5 |
Affected products
2- window-control/window-controldescription
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-9mjx-wfqp-j5phghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-25926ghsaADVISORY
- github.com/bruno-robert/window-control/commit/075c854534a749d887655a906759f5a7eee95173ghsaWEB
- github.com/bruno-robert/window-control/releases/tag/v1.4.5ghsaWEB
- security.snyk.io/vuln/SNYK-JS-WINDOWCONTROL-3186345ghsaWEB
News mentions
0No linked articles in our index yet.