VYPR
Critical severityNVD Advisory· Published Sep 21, 2023· Updated Sep 24, 2024

systeminformation SSID Command Injection Vulnerability

CVE-2023-42810

Description

systeminformation is a System Information Library for Node.JS. Versions 5.0.0 through 5.21.6 have a SSID Command Injection Vulnerability. The problem was fixed with a parameter check in version 5.21.7. As a workaround, check or sanitize parameter strings that are passed to wifiConnections(), wifiNetworks() (string only).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
systeminformationnpm
>= 5.0.0, < 5.21.75.21.7

Affected products

2

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.